The KittyVault contract relies on Chainlink's latestRoundData() for price information in its getUserVaultMeowllateralInEuros and getTotalMeowllateralInAave functions. The current implementation reads the answer directly and casts it to uint256 without checking that the price is positive, that the round has completed, or that the data is recent. If the feed returns a negative, incomplete, or stale answer, the contract will value collateral with a wrong price, which directly affects its liquidation and accounting logic.
In the KittyVault contract, the following issues are present:
Negative Value Casting: Chainlink's latestRoundData() returns answer as an int256, which can be negative (for example, during a feed malfunction). When a negative value is cast to uint256 it wraps around to a number close to 2**256. There is no validation of the sign before the cast.
Stale Data: There is no check that the round is complete (updatedAt non-zero) or that the price was updated recently (updatedAt compared against block.timestamp and the feed's heartbeat). The contract will silently keep using the last published price even if the feed has stopped updating.
Incorrect Pricing: Using stale or wrong price data leads to miscalculations in collateral valuations, so positions may be liquidated when they are actually healthy, or left open when they are actually undercollateralized, and reward distributions are computed on the wrong base.
Data Integrity Issues: Without these checks, a single negative answer cast to uint256 makes collateral appear astronomically large, which is enough on its own to break every downstream computation that depends on the price.
Manual Code Review
Add Stale Data Checks: Wrap latestRoundData() in a helper that validates the returned data before it is used, and have getUserVaultMeowllateralInEuros and getTotalMeowllateralInAave call that helper instead of the raw feed. The helper should revert unless all of the following hold:
The price (answer) is strictly positive, so the int256 to uint256 cast cannot wrap.
The round data is not carried over from an earlier round, by requiring answeredInRound to be at least roundId. Note that Chainlink's current documentation marks answeredInRound as deprecated; the check is harmless on newer aggregators but should not be the only freshness check.
The round is complete, by checking that updatedAt (the returned timestamp) is non-zero.
The answer is recent, by checking that block.timestamp minus updatedAt does not exceed a maximum age derived from the feed's documented heartbeat. This is the check that actually catches a feed that has stopped updating, since a complete, non-carried-over round can still be arbitrarily old.
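The following Solidity is an added illustration of the helper described above; it is not code from KittyVault or from the finding's original submission. The interface is a minimal copy of Chainlink's AggregatorV3Interface so the file compiles without the package dependency, and the library, contract, feed name, and the 1 hour 5 minute maximum age are all assumptions made for the example (the real bound must come from the specific feed's heartbeat).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal copy of Chainlink's AggregatorV3Interface (same signatures as the real
/// one) so this example compiles without the @chainlink/contracts dependency.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical helper library (not part of KittyVault) that performs every
/// validation listed above before the answer is cast to uint256.
library OracleLib {
    error OracleLib__InvalidPrice(int256 answer);
    error OracleLib__IncompleteRound(uint80 roundId);
    error OracleLib__StaleRound(uint80 roundId, uint80 answeredInRound);
    error OracleLib__StalePrice(uint256 updatedAt, uint256 maxAge);

    /// @param feed   the Chainlink aggregator to read
    /// @param maxAge upper bound on block.timestamp - updatedAt; derive it from the
    ///               feed's documented heartbeat plus a small buffer
    function getValidatedPrice(AggregatorV3Interface feed, uint256 maxAge)
        internal
        view
        returns (uint256 price)
    {
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();

        // 1. Strictly positive: a negative int256 cast to uint256 wraps to a value
        //    near 2**256, which would make collateral look essentially infinite.
        if (answer <= 0) revert OracleLib__InvalidPrice(answer);

        // 2. updatedAt == 0 means the round was started but never completed.
        if (updatedAt == 0) revert OracleLib__IncompleteRound(roundId);

        // 3. The answer must belong to the current round, not a carried-over one.
        //    answeredInRound is deprecated in current Chainlink docs; on aggregators
        //    that always return it equal to roundId this check is a no-op.
        if (answeredInRound < roundId) revert OracleLib__StaleRound(roundId, answeredInRound);

        // 4. Freshness: a complete round can still be arbitrarily old if the feed has
        //    stopped updating, so bound its age. Checked arithmetic also reverts if
        //    updatedAt is somehow in the future, which is the safe outcome.
        if (block.timestamp - updatedAt > maxAge) revert OracleLib__StalePrice(updatedAt, maxAge);

        price = uint256(answer); // safe: answer > 0 was enforced above
    }
}

/// Hypothetical vault fragment showing the flagged read next to the hardened one.
contract VaultPricingExample {
    using OracleLib for AggregatorV3Interface;

    AggregatorV3Interface public immutable eurUsdFeed;

    /// Assumed value for the example: a feed with a 1 hour heartbeat plus buffer.
    uint256 public constant MAX_PRICE_AGE = 1 hours + 5 minutes;

    constructor(AggregatorV3Interface feed) {
        eurUsdFeed = feed;
    }

    /// The pattern this finding describes: no checks, so a negative or stale
    /// answer flows straight into collateral math.
    function unsafePrice() external view returns (uint256) {
        (, int256 answer, , , ) = eurUsdFeed.latestRoundData();
        return uint256(answer); // answer == -1 becomes 2**256 - 1 here
    }

    /// Hardened read that collateral valuation should use instead.
    function safePrice() external view returns (uint256) {
        return eurUsdFeed.getValidatedPrice(MAX_PRICE_AGE);
    }
}
```

The four reverts are deliberately distinct custom errors so that an off-chain monitor or a test suite can tell a halted feed (StalePrice) apart from a malfunctioning one (InvalidPrice); a single generic revert would hide which failure mode occurred. The maximum age must be set per feed, since heartbeats differ between pairs and networks, and a bound that is too tight turns ordinary feed latency into a denial of service on the vault.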