https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyVault.sol#L127-L131
The contract relies heavily on external price feeds without proper safeguards, which could lead to manipulation.
The system uses external price feeds to determine collateral values, but it lacks fallback mechanisms or validation checks. This dependence on potentially untrusted or manipulated data could result in incorrect collateral valuations, leading to under-collateralization or liquidation.
The reliance on external price feeds (i_priceFeed and i_euroPriceFeed) without any fallback mechanism or validation introduces the risk of price manipulation or oracle attacks. If the price feed data is incorrect or manipulated, it could severely impact the value of collateral and the stability of the system.
If the price feed is compromised or incorrect, it could drastically affect the stability of the platform, leading to large-scale liquidations or insolvency.
Manual
Introduce fallback mechanisms and validate the data returned from external price feeds. Consider using multiple oracles and aggregating their data to reduce the risk of manipulation.
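One way to implement the validation and fallback recommended above, as an added example that is not code from KittyVault or from the original submission. It assumes the feeds expose Chainlink's AggregatorV3Interface; the library name, the secondary feed and the maxAge parameter are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's aggregator interface, reduced to the one call used here
// (assumption: the vault's feeds implement it).
interface AggregatorV3Interface {
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical helper library, not part of the audited code base.
library ValidatedPriceFeed {
    error NoUsablePrice();

    // Returns (true, price) only when the feed call succeeds, the answer is
    // positive, and the round is no older than maxAge seconds.
    function tryRead(AggregatorV3Interface feed, uint256 maxAge)
        internal view returns (bool ok, uint256 price)
    {
        try feed.latestRoundData() returns (
            uint80, int256 answer, uint256, uint256 updatedAt, uint80
        ) {
            if (answer <= 0) return (false, 0);                       // zero or negative price
            if (updatedAt == 0 || updatedAt > block.timestamp) return (false, 0); // incomplete round
            if (block.timestamp - updatedAt > maxAge) return (false, 0);          // stale round
            return (true, uint256(answer));
        } catch {
            return (false, 0);                                        // feed reverted
        }
    }

    // Reads the primary feed and uses the secondary one only if the primary
    // fails validation. Both feeds must quote the same pair with the same
    // number of decimals. Reverts instead of valuing collateral on bad data.
    function readWithFallback(
        AggregatorV3Interface primary,
        AggregatorV3Interface fallbackFeed,
        uint256 maxAge
    ) internal view returns (uint256) {
        (bool ok, uint256 price) = tryRead(primary, maxAge);
        if (ok) return price;
        (ok, price) = tryRead(fallbackFeed, maxAge);
        if (ok) return price;
        revert NoUsablePrice();
    }
}
```

maxAge should be set per feed from its published heartbeat, since a single value across feeds either rejects healthy slow feeds or accepts stale fast ones.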