Race condition in KittyPool::purrgeBadPawsition allows an attacker to front-run a user liquidating their position by minting more tokens, causing the user to repay more than intended
When a user calls purrgeBadPawsition to repay an attacker's bad debt, the attacker can watch the mempool for users attempting to liquidate their position and front-run the call by minting more KittyCoin. This raises the attacker's total debt and can cause the liquidating user to burn more KittyCoin than intended.
A user calling purrgeBadPawsition could lose more KittyCoin than intended, or even all of it, potentially leaving them unable to repay their own debt.
Alice has 1000 KittyCoin and sees that Bob has a bad debt position with a total debt of 500 KittyCoin. She calls purrgeBadPawsition intending to burn 500 KittyCoin and receive a share of the reward distribution. Bob sees this transaction in the mempool, front-runs it and mints 500 more KittyCoin. The totalDebt amount is now 1000 instead of the 500 Alice intended, and Alice burns all of her KittyCoin.
Manual Review
Consider adding a parameter to the function that takes the maximum amount the caller is willing to repay. This acts like a slippage bound: revert if the total debt is higher than that upper bound, so a debt increase inserted ahead of the liquidation causes the call to fail instead of draining the liquidator.
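The sketch below is an added illustration of this recommendation and is not the KittyFi code base. The storage layout (`totalDebtOf`, `meowllateralOf`), the `IKittyCoin.burnFrom` interface and the reward payout are simplified assumptions; the point is the caller-supplied `maxRepay` bound and the revert when the debt observed at execution time exceeds it.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal KittyCoin interface assumed for the sketch: the pool burns the
// liquidator's coins when it purges a bad position.
interface IKittyCoin {
    function burnFrom(address from, uint256 amount) external;
}

// Hypothetical, simplified pool. Only the liquidation path is modelled.
contract KittyPoolSketch {
    IKittyCoin public immutable kittyCoin;

    // Assumed storage: debt denominated in KittyCoin and collateral value
    // already expressed in the same unit, so the health check is a comparison.
    mapping(address => uint256) public totalDebtOf;
    mapping(address => uint256) public meowllateralOf;

    error PawsitionIsHealthy(address user);
    error DebtExceedsMaxRepay(uint256 totalDebt, uint256 maxRepay);

    constructor(IKittyCoin _kittyCoin) {
        kittyCoin = _kittyCoin;
    }

    // Position is liquidatable once collateral no longer covers the debt.
    function _hasEnoughMeowllateral(address user) internal view returns (bool) {
        return meowllateralOf[user] >= totalDebtOf[user];
    }

    // Shared tail of both versions: clear the debt, burn the liquidator's
    // coins for the amount repaid and hand them the seized collateral.
    function _settle(address user, address liquidator, uint256 repaid) internal {
        totalDebtOf[user] = 0;
        uint256 reward = meowllateralOf[user];
        meowllateralOf[user] = 0;
        kittyCoin.burnFrom(liquidator, repaid);
        meowllateralOf[liquidator] += reward;
    }

    // Before: the amount burned is whatever totalDebtOf[user] happens to be
    // when the transaction executes. A debt increase ordered ahead of this
    // call is paid by the liquidator without their consent.
    function purrgeBadPawsitionVulnerable(address user) external {
        if (_hasEnoughMeowllateral(user)) revert PawsitionIsHealthy(user);
        uint256 totalDebt = totalDebtOf[user];
        _settle(user, msg.sender, totalDebt);
    }

    // After: the liquidator states an upper bound. If the debt has grown past
    // it since the transaction was built, the call reverts and nothing is
    // burned, the same way a slippage parameter protects a swap.
    function purrgeBadPawsition(address user, uint256 maxRepay) external {
        if (_hasEnoughMeowllateral(user)) revert PawsitionIsHealthy(user);
        uint256 totalDebt = totalDebtOf[user];
        if (totalDebt > maxRepay) revert DebtExceedsMaxRepay(totalDebt, maxRepay);
        _settle(user, msg.sender, totalDebt);
    }
}
```

Walking through the report's scenario: Alice submits `purrgeBadPawsition(bob, 500)`. If Bob's debt is still 500 at execution, 500 KittyCoin are burned as she intended. If Bob's mint lands first and the debt reads 1000, the `totalDebt > maxRepay` check reverts with `DebtExceedsMaxRepay(1000, 500)` and Alice keeps her 1000 KittyCoin; she can resubmit with a bound she actually accepts.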