First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: medium
Invalid

Precision Loss in KittyPool Contract

Relevant GitHub Links

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L166

Summary

The KittyPool contract is responsible for managing collateral deposits, minting and burning KittyCoin, vault management, and handling liquidations. However, there is precision loss in division operations that could affect the contract's integrity and the security of the funds.

Vulnerability Details

The contract extensively uses division operations, particularly through the mulDiv function. Division operations can sometimes result in precision loss, especially when dealing with large numbers, which could lead to rounding errors and financial discrepancies.

uint256 collateralRequiredInEuros = kittyCoinMeownted[_user].mulDiv(COLLATERAL_PERCENT, COLLATERAL_PRECISION);

Impact

Rounding errors due to precision loss in financial calculations could result in small but cumulative financial discrepancies, leading to losses for users or the protocol.

Tools Used

Manual

Recommendations

Consider using fixed-point arithmetic libraries to reduce precision loss, and add safety checks around division operations to detect and handle potential rounding errors gracefully.
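
To put a number on the rounding in the mulDiv line quoted under Vulnerability Details, the following added example (not part of the submission or of the KittyFi code base) models the calculation with exact integers and compares floor rounding with a round-up variant. It assumes mulDiv rounds down, and the values 169 and 100 for COLLATERAL_PERCENT and COLLATERAL_PRECISION are assumptions, since the page names the constants but does not state them; the Python function names are hypothetical.

```python
# Added example: exact-integer model of a floor-rounding mulDiv.
from fractions import Fraction

# Assumed values; the page names these constants but does not state them.
COLLATERAL_PERCENT = 169
COLLATERAL_PRECISION = 100


def mul_div_floor(x: int, y: int, d: int) -> int:
    """x * y / d rounded down. Python ints never overflow, so the product is exact."""
    if d == 0:
        raise ZeroDivisionError("denominator is zero")
    return (x * y) // d


def mul_div_ceil(x: int, y: int, d: int) -> int:
    """Same product rounded up, so a collateral requirement is never understated."""
    q, r = divmod(x * y, d)  # divmod raises ZeroDivisionError when d == 0
    return q + (1 if r else 0)


def truncation_error(minted: int) -> Fraction:
    """Exact amount, in base units, dropped by floor rounding in one call."""
    exact = Fraction(minted * COLLATERAL_PERCENT, COLLATERAL_PRECISION)
    return exact - mul_div_floor(minted, COLLATERAL_PERCENT, COLLATERAL_PRECISION)


def worst_case_error(minted_values) -> Fraction:
    """Largest truncation error over a set of minted balances."""
    return max(truncation_error(m) for m in minted_values)


if __name__ == "__main__":
    # Constructed sample balances in base units, from dust to 1e18 scale.
    samples = [1, 3, 100, 10**18 + 1, 5 * 10**20 + 7]
    for m in samples:
        lo = mul_div_floor(m, COLLATERAL_PERCENT, COLLATERAL_PRECISION)
        hi = mul_div_ceil(m, COLLATERAL_PERCENT, COLLATERAL_PRECISION)
        print(f"minted={m} floor={lo} ceil={hi} dropped={truncation_error(m)}")
    print("worst case over 1..10000:", worst_case_error(range(1, 10_001)))
```

Under these assumptions the amount dropped by one call is always below one base unit, and the round-up variant differs from the floor result by at most one.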

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
