First Flight #21: KittyFi
First Flight #21
Beginner FriendlyDeFiFoundry
100 EXP
View results
Previous Next
Submission Details
Severity: medium
Invalid

[M-2] Risk of DOS in `KittyPool::purrgeBadPawsition()` function.

ivanonchain

Summary

The more vaults there are, the more expensive it will be to purge a bad position, until the point that will be economically not viable do liquidations.

Vulnerability Details

Either because meowntainer role has bad intentions or simply he is not aware about the number of created vault, a consider number of vault can become economically not viable purge a bad position.

The inability to liquidate the position will cause the vault to incur financial losses, rendering it obsolete, for that reason this vulnerability has a medium impact.

Tools Used

Manual review

Recommendations

Add a restriction in the max number of vault that is possible to create, in this case the max number would be 20 vaults, according with the documentation.

function meownufactureKittyVault(address _token, address _priceFeed) external onlyMeowntainer {
require(tokenToVault[_token] == address(0), KittyPool__TokenAlreadyExistsMeeoooww());
+ require(vaults.length > 20, KittyPool__ReachLimitNumberOfVaultsCreation());
address _kittyVault = address(new KittyVault{ salt: bytes32(abi.encodePacked(ERC20(_token).symbol())) }(_token, address(this), _priceFeed, i_euroPriceFeed, meowntainer, i_aavePool));
tokenToVault[_token] = _kittyVault;
vaults.push(_kittyVault);
}
Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Other

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.