First Flight #21: KittyFi

First Flight #21
Beginner FriendlyDeFiFoundry
100 EXP
View results
Submission Details
Severity: low
Invalid

Missing Getter Function for i_euroPriceFeed Address in KittyPool Contract

Summary:

The KittyPool contract lacks a getter function for the i_euroPriceFeed address, making it inaccessible from outside the contract. This omission can hinder transparency and integration, particularly for external systems that require this information for interacting with the contract.

Vulnerability Detail:

In the KittyPool contract, the i_euroPriceFeed address is defined as a private immutable variable. However, unlike other similar variables (i_kittyCoin, i_aavePool, meowntainer), there is no public getter function to access this address. This restricts users and other contracts from retrieving the address, which could be essential for verifying the price feed used or for other integration purposes.

Code Snippet:

address private immutable i_euroPriceFeed;
constructor(address _meowntainer, address _euroPriceFeed, address aavePool) {
meowntainer = _meowntainer;
i_kittyCoin = new KittyCoin(address(this));
i_euroPriceFeed = _euroPriceFeed;
i_aavePool = aavePool;
}
// Getter functions for other addresses
function getAavePool() external view returns (address) {
return i_aavePool;
}
function getMeowntainer() external view returns (address) {
return meowntainer;
}
function getKittyCoin() external view returns (address) {
return address(i_kittyCoin);
}
// Missing getter function for i_euroPriceFeed

Impact:

  • Transparency:

Users and developers cannot verify the i_euroPriceFeed address used in the contract, reducing the transparency of the system.

  • Integration:

External systems and smart contracts that need to interact with the KittyPool contract may require the i_euroPriceFeed address. Without a getter function, these integrations are impeded.

Recommendations:

To address this issue, it is recommended to implement a public getter function for the i_euroPriceFeed address, similar to other addresses in the contract. This will enhance transparency and facilitate better integration with external systems.

Suggested Code Modification:

Add the following getter function to the KittyPool contract:

function getEuroPriceFeed() external view returns (address) {
return i_euroPriceFeed;
}
By implementing this change, the contract will provide a complete set of getter functions, enhancing both transparency and usability.
Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.