First Flight #21: KittyFi
First Flight #21
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect Calculation of Total Collateral in Aave in `KittyVault::getTotalMeowllateralInAave`

esoetheric

Summary

The getTotalMeowllateralInAave function in KittyVault.sol calculates the total collateral deposited in Aave and the collateral earned by interest. The current implementation incorrectly multiplies collateralToUsdPrice by EXTRA_DECIMALS when converting the collateral value using the USD price feed, resulting in an incorrect calculation.

Vulnerability Details

function getTotalMeowllateralInAave() public view returns (uint256) {
(uint256 totalCollateralBase, , , , , ) = i_aavePool.getUserAccountData(address(this));
(, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);
}

Impact

The incorrect calculation leads to the result being off by a factor of 10^10, which means the total collateral value is not accurately represented. This can cause significant issues in collateral management, since the return value of this function is used to calculate the total collateral of the vault in KittyVault::getTotalMeowllateral.

Tools Used

Manual review.

Recommendations

Modify the calculation to remove the * EXTRA_DECIMALS multiplication. The corrected line should be:

return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice));
Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.