Race conditions in `KittyPool::purrgeBadPawsition` allow attackers to front run a user attempting to liquidate their position by minting more tokens causing the user to repay more than intended
Summary
Race conditions in KittyPool::purrgeBadPawsition allow attackers to front run a user attempting to liquidate their position by minting more tokens causing the user to repay more than intended
Vulnerability Details
When a user calls purrgeBadPawsition to repay an attackers bad debt, the attacker can monitor users attempting to liquidate their position and front run it by minting more KittyCoin. This would raise their total debt and could possibly cause the user to repay more KittyCoin than intended.
Impact
User calling purrgeBadPawsition could lose more KittyCoin than intended or even all of it leaving them unable to potentially pay back their debt.
POC
Alice has 1000 KittyCoin and sees that Bob has a bad debt postion with a total debt of 500 Kitty coin. She calls purrgeBadPawsition with the intention of buring 500 KittCoin and receiving a share of the reward distribution. Bob sees this transaction submitted to the mempool, front runs it and mints 500 more KittyCoin. The totalDebt amount is now 1000 instead of the 500 Alice intended, and Alice burns all of her KittyCoin.
Tools Used
Manual Review
Recommendations
Consider adding a parameter to the function that takes in an upper bound of what the maximum the user is willing to repay. This will act similar to slippage. Revert if the total debt is higher than the upper bound.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.