First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: low

Invalid

Missing Getter Function for i_euroPriceFeed Address in KittyPool Contract

purpledragon

Summary:

The KittyPool contract lacks a getter function for the i_euroPriceFeed address, making it inaccessible from outside the contract. This omission can hinder transparency and integration, particularly for external systems that require this information for interacting with the contract.

Vulnerability Detail:

In the KittyPool contract, the i_euroPriceFeed address is defined as a private immutable variable. However, unlike other similar variables (i_kittyCoin, i_aavePool, meowntainer), there is no public getter function to access this address. This restricts users and other contracts from retrieving the address, which could be essential for verifying the price feed used or for other integration purposes.

Code Snippet:

address private immutable i_euroPriceFeed;

constructor(address _meowntainer, address _euroPriceFeed, address aavePool) {

meowntainer = _meowntainer;

i_kittyCoin = new KittyCoin(address(this));

i_euroPriceFeed = _euroPriceFeed;

i_aavePool = aavePool;

}

// Getter functions for other addresses

function getAavePool() external view returns (address) {

return i_aavePool;

}

function getMeowntainer() external view returns (address) {

return meowntainer;

}

function getKittyCoin() external view returns (address) {

return address(i_kittyCoin);

}

// Missing getter function for i_euroPriceFeed

Impact:

Transparency:

Users and developers cannot verify the i_euroPriceFeed address used in the contract, reducing the transparency of the system.

Integration:

External systems and smart contracts that need to interact with the KittyPool contract may require the i_euroPriceFeed address. Without a getter function, these integrations are impeded.

Recommendations:

To address this issue, it is recommended to implement a public getter function for the i_euroPriceFeed address, similar to other addresses in the contract. This will enhance transparency and facilitate better integration with external systems.

Suggested Code Modification:

Add the following getter function to the KittyPool contract:

function getEuroPriceFeed() external view returns (address) {

return i_euroPriceFeed;

}

By implementing this change, the contract will provide a complete set of getter functions, enhancing both transparency and usability.

Updates

Lead Judging Commences

shikhar229169 Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.