First Flight #21: KittyFi

Submission Details
Severity: medium
Valid

Missing Health Factor Check and Unverified Price Feed Data in getTotalMeowllateralInAave Function

Summary

The getTotalMeowllateralInAave function in the contract does not check the health factor of the account data returned by the Aave Pool, nor does it verify the freshness and validity of the price feed data used in the calculations. This can lead to incorrect assessments of the account's collateral status, potentially causing significant financial risks.

function getTotalMeowllateralInAave() public view returns (uint256) {
    (uint256 totalCollateralBase, , , , , ) = i_aavePool.getUserAccountData(address(this)); // @audit-info does not check the health factor
    (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData(); // @audit-info : ignores updatedAt and answeredInRound, so a stale or incomplete round is accepted
    return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);
}

Vulnerability Details

Impact

The function retrieves the account data from Aave but fails to:

  1. Check the health factor, which is critical for determining the account's risk of liquidation.

  2. Ensure the price feed data is up-to-date and valid, which is crucial for accurate collateral valuation.

Tools Used

Manual review

Recommendations

By incorporating checks for the health factor and verifying the freshness and validity of the price feed data, the getTotalMeowllateralInAave function can provide more accurate and reliable assessments of the account's collateral status, thereby reducing financial risks.

function getTotalMeowllateralInAave() public view returns (uint256) {
    (
        uint256 totalCollateralBase,
        ,
        ,
        ,
        ,
        uint256 healthFactor
    ) = i_aavePool.getUserAccountData(address(this));
    // Check if the health factor is above a critical threshold (1.0, i.e. 1e18 in Aave's scaling)
    require(healthFactor > 1e18, "Health factor is below the safe threshold");
    // Get the latest price data from the price feed, including the round bookkeeping fields
    (
        uint80 roundId,
        int256 collateralToUsdPrice,
        ,
        uint256 updatedAt,
        uint80 answeredInRound
    ) = i_priceFeed.latestRoundData();
    // Ensure the price feed data is recent (subtract in this order so the check cannot underflow)
    require(block.timestamp - updatedAt <= 1 hours, "Price data is stale");
    // Ensure the round is complete: answeredInRound must not lag behind roundId
    require(answeredInRound >= roundId, "Price data is not valid");
    return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);
}
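The following Foundry test is an added example, not part of this finding or of the KittyFi code base. It mocks the two external dependencies with constructed values so that each failure named in the Impact section (stale round, incomplete round, unhealthy position) can be triggered deterministically against a getter hardened as recommended above. The interface shapes, the PRECISION and EXTRA_DECIMALS values, and the contract names are assumptions; the original uses mulDiv, which plain arithmetic replaces here because the magnitudes under test cannot overflow.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code): forge-std is the only dependency.
import {Test} from "forge-std/Test.sol";

// Assumed minimal shapes of the Aave pool and Chainlink aggregator interfaces.
interface IPoolLike {
    function getUserAccountData(address user)
        external view returns (uint256, uint256, uint256, uint256, uint256, uint256);
}

interface IFeedLike {
    function latestRoundData()
        external view returns (uint80, int256, uint256, uint256, uint80);
}

// Constructed stand-in for the Aave pool: only the two fields the getter reads are settable.
contract MockPool is IPoolLike {
    uint256 public collateralBase;
    uint256 public healthFactor;
    function set(uint256 collateral, uint256 hf) external { collateralBase = collateral; healthFactor = hf; }
    function getUserAccountData(address) external view returns (uint256, uint256, uint256, uint256, uint256, uint256) {
        return (collateralBase, 0, 0, 0, 0, healthFactor);
    }
}

// Constructed stand-in for a Chainlink aggregator with every round field under test control.
contract MockFeed is IFeedLike {
    uint80 public roundId;
    int256 public answer;
    uint256 public updatedAt;
    uint80 public answeredInRound;
    function set(uint80 r, int256 a, uint256 u, uint80 air) external {
        roundId = r; answer = a; updatedAt = u; answeredInRound = air;
    }
    function latestRoundData() external view returns (uint80, int256, uint256, uint256, uint80) {
        return (roundId, answer, 0, updatedAt, answeredInRound);
    }
}

// Hardened getter following the recommendation in this finding (assumed constants).
contract HardenedReader {
    uint256 public constant PRECISION = 1e18;
    uint256 public constant EXTRA_DECIMALS = 1e10;
    uint256 public constant MAX_STALENESS = 1 hours;
    IPoolLike public immutable i_aavePool;
    IFeedLike public immutable i_priceFeed;

    constructor(IPoolLike pool, IFeedLike feed) { i_aavePool = pool; i_priceFeed = feed; }

    function getTotalMeowllateralInAave() public view returns (uint256) {
        (uint256 totalCollateralBase, , , , , uint256 healthFactor) = i_aavePool.getUserAccountData(address(this));
        require(healthFactor > 1e18, "Health factor is below the safe threshold");
        (uint80 roundId, int256 price, , uint256 updatedAt, uint80 answeredInRound) = i_priceFeed.latestRoundData();
        require(price > 0, "Price data is not valid");                   // zero or negative answer
        require(block.timestamp - updatedAt <= MAX_STALENESS, "Price data is stale");
        require(answeredInRound >= roundId, "Price data is not valid");  // incomplete round
        return totalCollateralBase * PRECISION / (uint256(price) * EXTRA_DECIMALS);
    }
}

contract StaleFeedTest is Test {
    MockPool pool;
    MockFeed feed;
    HardenedReader reader;

    function setUp() public {
        pool = new MockPool();
        feed = new MockFeed();
        reader = new HardenedReader(pool, feed);
        vm.warp(10 days);                           // constructed "now", so "now - 2 hours" cannot underflow
        pool.set(1_000e8, 2e18);                    // $1,000 of collateral (8-decimal base), health factor 2.0
        feed.set(10, 2_000e8, block.timestamp, 10); // fresh, complete round at $2,000 per collateral unit
    }

    function test_freshCompleteRoundReturnsValue() public {
        uint256 expected = 1_000e8 * 1e18 / (2_000e8 * 1e10);
        assertEq(reader.getTotalMeowllateralInAave(), expected);
    }

    function test_staleRoundReverts() public {
        feed.set(10, 2_000e8, block.timestamp - 2 hours, 10); // last update older than MAX_STALENESS
        vm.expectRevert(bytes("Price data is stale"));
        reader.getTotalMeowllateralInAave();
    }

    function test_incompleteRoundReverts() public {
        feed.set(11, 2_000e8, block.timestamp, 10); // answeredInRound lags behind roundId
        vm.expectRevert(bytes("Price data is not valid"));
        reader.getTotalMeowllateralInAave();
    }

    function test_unhealthyPositionReverts() public {
        pool.set(1_000e8, 9e17); // health factor 0.9, below the 1.0 threshold
        vm.expectRevert(bytes("Health factor is below the safe threshold"));
        reader.getTotalMeowllateralInAave();
    }
}
```

Run it with `forge test` in a project that has forge-std installed. The same mocks can be pointed at the original, unchecked getter to confirm it returns a value in the stale and incomplete-round cases instead of reverting, which is the behaviour this finding reports.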

Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Stale Price from Chainlink Datafeed
