https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L164-169
The KittyPool contract is responsible for managing collateral deposits, minting and burning KittyCoin, vault management, and handling liquidations. However, there are potential issues related to collateral calculation errors that could affect the contract's integrity and the security of the funds.
The _hasEnoughMeowllateral function is critical in checking whether a user has sufficient collateral. If this function's logic is flawed or if it relies on inaccurate external price feeds, it may cause incorrect liquidations or allow under-collateralized positions to persist.
If the collateral calculation is inaccurate, users could either be unfairly liquidated or allowed to maintain risky, under-collateralized positions, potentially compromising the protocol's stability.
Manual
Implement thorough unit tests for _hasEnoughMeowllateral with edge cases, and consider using a decentralized price oracle with built-in redundancy to minimize the risk of relying on inaccurate price feeds.