First Flight #21: KittyFi

Severity: medium
Invalid

Incomplete Checks in Meowntainer Functions in `purrrCollateralToAave` and `purrrCollateralFromAave` in KittyVault.sol

Relevant GitHub Links

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyVault.sol#L89-111

Summary

The functions `purrrCollateralToAave` and `purrrCollateralFromAave` in the contract are protected by the `onlyMeowntainer` modifier, which limits their execution to the Meowntainer role. However, if the Meowntainer account is compromised, it could result in unauthorized actions, putting the entire system at risk.

Vulnerability Details

The current implementation relies solely on the `onlyMeowntainer` modifier to restrict access to certain critical functions. This approach creates a single point of failure; if the Meowntainer's private key is compromised or the account is otherwise taken over, the attacker could execute these functions, leading to potential misuse of funds or other malicious activities.

```solidity
function purrrCollateralToAave(uint256 _ameowntToSupply) external onlyMeowntainer {
    totalMeowllateralInVault -= _ameowntToSupply;
    IERC20(i_token).approve(address(i_aavePool), _ameowntToSupply);
    i_aavePool.supply( { asset: i_token, amount: _ameowntToSupply, onBehalfOf: address(this), referralCode: 0 } );
}

/**
 * @notice Withdraws collateral from Aave pool
 * @param _ameowntToWhiskdraw The amount of collateral to withdraw from Aave
 */
function purrrCollateralFromAave(uint256 _ameowntToWhiskdraw) external onlyMeowntainer {
    totalMeowllateralInVault += _ameowntToWhiskdraw;
    i_aavePool.withdraw( { asset: i_token, amount: _ameowntToWhiskdraw, to: address(this) } );
}
```

Impact

Unauthorized actions such as inappropriate transfer of collateral to or from Aave could occur, leading to financial losses or disruption of the system's operation.

Tools Used

Manual

Recommendations

Implement Multisig: Introduce a multisig wallet for the Meowntainer role, requiring multiple approvals before executing critical functions.

Time-Lock Mechanism: Add a time-lock to these functions, providing a buffer period during which any suspicious activity can be noticed and potentially halted.
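
One way to combine the two recommendations, shown as an added example that is not part of the submission or the KittyFi code base: a hypothetical `MeowntainerTimelock` contract holds the Meowntainer role and forwards the two calls only after a delay, emitting events that monitoring can watch. It assumes the vault's Meowntainer can be set to a contract address; `IKittyVault`, `proposer`, `guardian`, `DELAY` and `salt` are names and values chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Only the two vault functions quoted in this finding are assumed to exist.
interface IKittyVault {
    function purrrCollateralToAave(uint256 _ameowntToSupply) external;
    function purrrCollateralFromAave(uint256 _ameowntToWhiskdraw) external;
}
// Hypothetical contract, meant to be the address that holds the Meowntainer role.
contract MeowntainerTimelock {
    uint256 public constant DELAY = 2 days; // illustrative value
    IKittyVault public immutable vault;
    address public immutable proposer; // assumed to be a multisig wallet
    address public immutable guardian; // assumed separate key that can only cancel
    mapping(bytes32 => uint256) public readyAt; // operation id => earliest execution time
    event Queued(bytes32 indexed id, bool toAave, uint256 amount, uint256 eta);
    event Cancelled(bytes32 indexed id);
    event Executed(bytes32 indexed id);

    constructor(IKittyVault _vault, address _proposer, address _guardian) {
        vault = _vault;
        proposer = _proposer;
        guardian = _guardian;
    }

    function queue(bool toAave, uint256 amount, bytes32 salt) external returns (bytes32 id) {
        require(msg.sender == proposer, "not proposer");
        id = keccak256(abi.encode(toAave, amount, salt));
        require(readyAt[id] == 0, "already queued");
        readyAt[id] = block.timestamp + DELAY;
        emit Queued(id, toAave, amount, readyAt[id]);
    }

    function cancel(bytes32 id) external {
        require(msg.sender == proposer || msg.sender == guardian, "not authorized");
        delete readyAt[id];
        emit Cancelled(id);
    }

    function execute(bool toAave, uint256 amount, bytes32 salt) external {
        require(msg.sender == proposer, "not proposer");
        bytes32 id = keccak256(abi.encode(toAave, amount, salt));
        uint256 eta = readyAt[id];
        require(eta != 0 && block.timestamp >= eta, "not ready");
        delete readyAt[id]; // clear before the external call so each operation runs once
        if (toAave) vault.purrrCollateralToAave(amount);
        else vault.purrrCollateralFromAave(amount);
        emit Executed(id);
    }
}
```

Because `guardian` can cancel but never queue or execute, a queued operation can still be stopped during the delay even if the `proposer` key set is the one that was taken over.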

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
