First Flight #21: KittyFi

Tags: Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: high
Invalid

Incorrect Handling of Withdrawals Leading to Potential User Fund Loss in KittyPool.sol::`whiskdrawMeowllateral` function

Relevant GitHub Links

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L92-L95

Summary

The whiskdrawMeowllateral function allows withdrawals before ensuring adequate collateral, which could result in fund loss.

Vulnerability Details

The function whiskdrawMeowllateral executes the withdrawal before checking whether the user still has enough collateral to cover their debt. With this order of operations a user could end up under-collateralized, withdrawing more than their position allows and putting funds at risk for both the user and the platform.

```solidity
function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) {
    IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt);
    require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr());
}
```

Impact

This vulnerability can lead to significant financial losses for users and could compromise the stability of the platform by allowing users to game the system.

Tools Used

Manual

Recommendations

Reorder the operations in whiskdrawMeowllateral so that the collateral adequacy check happens before any withdrawal is processed, ensuring that users cannot withdraw more collateral than allowed.
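The reordered function below is an added illustration of this recommendation, not code from the KittyFi repository. It assumes a hypothetical helper `_hasEnoughMeowllateralAfter(user, token, amount)` that evaluates the collateral requirement against the balance the user would hold after the withdrawal, because checking the current position before anything is withdrawn would not detect the shortfall the withdrawal itself creates.

```solidity
// Added illustration; not from the KittyFi code base.
// `_hasEnoughMeowllateralAfter` is a hypothetical helper assumed to exist:
// it must compute the user's collateral value with `_ameownt` of `_token`
// already subtracted and compare it against the user's outstanding debt.
function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) {
    // Check first: evaluate the projected post-withdrawal position.
    // Evaluating the *current* position here would be a no-op, since the
    // user is expected to be healthy before the withdrawal begins.
    require(
        _hasEnoughMeowllateralAfter(msg.sender, _token, _ameownt),
        KittyPool__NotEnoughMeowllateralPurrrr()
    );

    // Interaction last: release collateral from the vault only after the
    // check has passed (checks-effects-interactions ordering).
    IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt);
}
```

Note that a failed `require` reverts the whole transaction in either ordering, so the practical difference is where the revert happens and what the check measures, not whether a failed withdrawal leaves state behind.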

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
