First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Incorrect calculation of the total collateral held in the Aave protocol

14xSachet

Summary

'getTotalMeowllateralInAave' function of the KittyVault contract calls the 'getUserAccountData' of the Aave pool contract. It returns the total collateral of the vault held by the Aave protocol, including the interest earned from the supply. The value retrieved is in ETH.

The getTotalMeowllateralInAave calculates the value Aave holds in terms of token by dividing the total value in ETH returned by getUserAccountData, with the value of 1 token in USD. This results in incorrect valuation of the collateral held in Aave in terms of tokens.

Vulnerability Details

The getTotalMeowllateralInAave function correctly retrieves the total collateral value in ETH from the Aave protocol using getUserAccountData, but then incorrectly calculates the token-denominated value by dividing the ETH value by the price of 1 token in USD.

Impact

The calculated total collateral value held in the Aave protocol in terms of tokens will be inaccurate, leading to incorrect accounting, risk management, or other business logic that relies on this value.

Tools Used

VS code

Recommendations

Get the priceFeed address of the ETH / USD and then convert the value retrieved in ETH to USD . Followed by that, divide the total value in USD / 1 token value in USD. This returns the correct value of tokens held in Aave.

- function getTotalMeowllateralInAave() public view returns (uint256) {

+ function getTotalMeowllateralInAave(address eth_priceFeed) public view returns (uint256) {

(uint256 totalCollateralBase, , , , , ) = i_aavePool.getUserAccountData(address(this));

+ (, int256 ethcollateralToUsdPrice, , , ) = eth_priceFeed.latestRoundData();

+ uint256 totalCollateralBaseInUsd = totalCollateralBase.mulDiv(uint256(ethcollateralToUsdPrice) * EXTRA_DECIMALS,PRECISION);

(, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();

+ return totalCollateralBaseInUsd.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);

- return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);

}

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Appeal created

14xSachet Submitter

about 1 year ago

shikhar229169 Lead Judge

about 1 year ago

shikhar229169 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.