First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: high
Invalid

Insufficient Validation for Token Existence in KittyPool.sol:: modifier tokenExists

Relevant GitHub Links

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L45-L48

Summary

The contract does not thoroughly validate the existence of tokens, leading to potential security vulnerabilities.

Vulnerability Details

The tokenExists modifier checks if a token's associated vault exists by verifying the non-zero address of the vault. However, this check is insufficient as it does not ensure the vault is pointing to a legitimate and intended contract, leaving room for misconfiguration or attack vectors.

    modifier tokenExists(address _token) {
        require(tokenToVault[_token] != address(0), KittyPool__TokenNotFoundMeeoooww());
        _;
    }

Impact

This vulnerability could lead to unauthorized minting or manipulation of vaults, which could compromise the integrity of the system and lead to loss of funds or incorrect collateral management.

Tools Used

Manual

Recommendations

Enhance the tokenExists modifier to include additional checks, such as verifying the type and legitimacy of the vault contracts, to prevent misconfigurations or potential attacks.


Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
