First Flight #21: KittyFi

Tags: Beginner Friendly, DeFi, Foundry (100 EXP)

Submission Details
Severity: high
Valid

Theft of collateral tokens with fewer than 18 decimals.

Description:

When converting the collateral value from USD to EUR, the raw token amount is scaled with the fixed constant PRECISION, which is only correct when the collateral has the same 18 decimals as the minted KittyCoin. The collateral token's own decimals are never read, and they are not always 18: WBTC, for example, has 8.

As a result, getUserVaultMeowllateralInEuros and getTotalMeowllateralInAave return mis-scaled values for any collateral whose decimals are not 18 (the WBTC value is off by a factor of 10^10), which translates directly into losses or lost borrowing capacity for users.

The getUserVaultMeowllateralInEuros function:

    function getUserVaultMeowllateralInEuros(address _user) external view returns (uint256) {
        (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
        (, int256 euroPriceFeedAns, , , ) = i_euroPriceFeed.latestRoundData();
        // getUserMeowllateral returns the raw balance in the collateral token's own decimals,
        // but it is scaled with the fixed PRECISION as if the token had 18 decimals
        uint256 collateralAns = getUserMeowllateral(_user).mulDiv(uint256(collateralToUsdPrice) * EXTRA_DECIMALS, PRECISION);
        return collateralAns.mulDiv(uint256(euroPriceFeedAns) * EXTRA_DECIMALS, PRECISION);
    }

The getTotalMeowllateralInAave function:

    function getTotalMeowllateralInAave() public view returns (uint256) {
        (uint256 totalCollateralBase, , , , , ) = i_aavePool.getUserAccountData(address(this));
        (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
        // the hardcoded PRECISION again assumes the collateral is an 18-decimal token;
        // the token's decimals() are never consulted
        return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);
    }

Impact:

Because the collateral token's decimals are ignored, the computed collateral value is wrong for every token that does not use 18 decimals, and the error is large. getUserVaultMeowllateralInEuros undervalues WBTC by a factor of 10^10: a user who deposits 1 WBTC is credited with a negligible EUR value and cannot borrow any KittyCoin stablecoin against it.

Tools Used:

Manual Review

Recommended Mitigation:

Read the collateral token's decimals (for example via IERC20Metadata.decimals()) and normalise the deposited amount to 18 decimals before applying the price feeds in getUserVaultMeowllateralInEuros and getTotalMeowllateralInAave, instead of hardcoding an 18-decimal assumption through PRECISION.
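The following is an added example and not code from the KittyFi repository. It models the USD-to-EUR conversion described above with Python integers, which reproduce uint256 mulDiv(a, b, c) == a * b // c exactly (no overflow, floor division), and places a decimal-aware version next to it so the mis-scaling and the effect of the mitigation can both be checked with concrete numbers. The constants (8-decimal feed answers, EXTRA_DECIMALS = 1e10, PRECISION = 1e18), the sample prices and the 0.92 EUR feed answer are assumptions, not values taken from the contract.

```python
# Added example, not code from KittyFi: the vulnerable USD->EUR conversion
# and a decimal-aware version, modelled with Python integers. Unbounded ints
# reproduce uint256 mulDiv(a, b, c) == a * b // c exactly (no overflow, floor
# division), so the numbers match what the contract would compute.
#
# Assumed constants (not taken from the repository): Chainlink-style feeds
# answer with 8 decimals, EXTRA_DECIMALS = 1e10 lifts them to 18, and
# PRECISION = 1e18 matches KittyCoin's 18 decimals.
PRECISION = 10**18
EXTRA_DECIMALS = 10**10
KITTYCOIN_DECIMALS = 18


def mul_div(a: int, b: int, c: int) -> int:
    """floor(a * b / c), the semantics of OpenZeppelin Math.mulDiv."""
    return a * b // c


def vault_collateral_in_euros_vulnerable(amount: int, usd_price: int, eur_price: int) -> int:
    """Mirror of getUserVaultMeowllateralInEuros as published.

    `amount` is the raw token balance in the collateral's own decimals; the
    feeds are applied with the fixed PRECISION, so the result carries the
    collateral's decimals rather than KittyCoin's 18.
    """
    collateral_usd = mul_div(amount, usd_price * EXTRA_DECIMALS, PRECISION)
    return mul_div(collateral_usd, eur_price * EXTRA_DECIMALS, PRECISION)


def vault_collateral_in_euros_fixed(amount: int, token_decimals: int, usd_price: int, eur_price: int) -> int:
    """Decimal-aware variant: scale the amount to 18 decimals first, then
    apply the feeds exactly as the original does. For 18-decimal collateral
    the result is identical to the vulnerable path, so behaviour for
    WETH-like tokens is unchanged."""
    if token_decimals > KITTYCOIN_DECIMALS:
        raise ValueError("collateral with more than 18 decimals is not supported")
    normalised = amount * 10 ** (KITTYCOIN_DECIMALS - token_decimals)
    collateral_usd = mul_div(normalised, usd_price * EXTRA_DECIMALS, PRECISION)
    return mul_div(collateral_usd, eur_price * EXTRA_DECIMALS, PRECISION)


def undervaluation_factor(amount: int, token_decimals: int, usd_price: int, eur_price: int) -> int:
    """How many times too small the published formula's answer is."""
    good = vault_collateral_in_euros_fixed(amount, token_decimals, usd_price, eur_price)
    bad = vault_collateral_in_euros_vulnerable(amount, usd_price, eur_price)
    return good // bad


if __name__ == "__main__":
    # Constructed sample inputs: 1 WBTC (8 decimals) at 60,000 USD and an
    # assumed EUR feed answer of 0.92 (8 decimals). The EUR step is kept
    # exactly as the contract has it; only the decimal handling differs.
    one_wbtc, wbtc_decimals = 10**8, 8
    btc_usd, eur_feed = 60_000 * 10**8, 92_000_000
    bad = vault_collateral_in_euros_vulnerable(one_wbtc, btc_usd, eur_feed)
    good = vault_collateral_in_euros_fixed(one_wbtc, wbtc_decimals, btc_usd, eur_feed)
    print(f"published formula : {bad / 10**18:.10f} EUR")   # 0.0000055200
    print(f"decimal-aware     : {good / 10**18:.2f} EUR")   # 55200.00
    print(f"undervalued by 10^{len(str(good // bad)) - 1}")  # 10^10
```

With the assumed inputs the published formula credits 1 WBTC with about 0.0000055 EUR of collateral in KittyCoin's 18-decimal units, the decimal-aware version with 55,200 EUR, a gap of exactly 10^(18 - 8). Running the same two paths on an 18-decimal amount gives identical results, which is the property a fix should preserve.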

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`getUserVaultMeowllateralInEuros` doesn't consider the collateral decimals, instead uses constant precision which works only for 18 decimals
