Description: The KittyPool contract is responsible for letting users withdraw their collateral. It routes deposit and withdrawal calls to the respective vault; one vault is created for every collateral token used in the protocol.
However, users get a panic error when withdrawing all the collateral value from the vault, and when they try to mint kittyCoin without depositing any collateral.
ERROR:
It happens because of one of its inner functions.
Impact: A panic with the reason "division or modulo by zero" (error code 0x12) indicates that the contract code attempted to divide by zero, which is a critical runtime error in Solidity. This type of error can break the protocol and cause it to behave unexpectedly or fail entirely.
Proof Of Concept:
This happens because a user tries to withdraw all of their collateral and the contract is left with a 0 balance. To prevent this, we need to add some collateral to the contract beforehand, or see the Recommendations.
The same panic error occurs when the contract has 0 collateral and a user tries to mint kittyCoin without depositing any collateral.
Tools Used:
Manual Review
Foundry
Recommendations:
We need to adjust the logic in KittyVault::getUserMeowllateral.
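An added sketch of the kind of guard this recommendation points to, not KittyFi's code: the page does not show the body of getUserMeowllateral, so the share-based formula, the contract name ShareVaultSketch, and every function and variable name below are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added sketch, not KittyFi source: names and the share formula are assumptions.
contract ShareVaultSketch {
    uint256 public totalShares;     // shares issued across all users
    uint256 public totalCollateral; // collateral units tracked by the vault
    mapping(address => uint256) public sharesOf;

    function deposit(uint256 amount) external {
        require(amount > 0, "zero amount");
        // First deposit (or a deposit after a full withdrawal) mints 1:1.
        uint256 minted = totalShares == 0 ? amount : (amount * totalShares) / totalCollateral;
        sharesOf[msg.sender] += minted;
        totalShares += minted;
        totalCollateral += amount;
    }

    function withdraw(uint256 shares) external {
        require(shares > 0 && shares <= sharesOf[msg.sender], "bad share amount");
        // totalShares >= shares > 0 here, so this division cannot hit zero.
        uint256 amount = (shares * totalCollateral) / totalShares;
        sharesOf[msg.sender] -= shares;
        totalShares -= shares;
        totalCollateral -= amount;
    }

    /// Unguarded: reverts with Panic(0x12) while totalShares == 0, i.e. before
    /// any deposit or right after the last holder withdraws everything.
    function userCollateralUnguarded(address user) external view returns (uint256) {
        return (sharesOf[user] * totalCollateral) / totalShares;
    }

    /// Guarded: an empty vault means the user's claim is zero, so the withdraw
    /// and mint paths that read this value get 0 instead of a panic.
    function userCollateral(address user) external view returns (uint256) {
        if (totalShares == 0) return 0;
        return (sharesOf[user] * totalCollateral) / totalShares;
    }
}
```

With the guarded view returning 0 for an empty vault, a mint attempted with no deposit should then fail the protocol's collateralization check with a normal revert rather than a division-by-zero panic.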