The KittyPool::purrgeBadPawsition function incorrectly burns msg.sender's KittyCoins instead of the targeted user's coins, so the wrong account's coins are burned. This error compromises the accuracy of debt management and could lead to significant financial discrepancies.
The function purrgeBadPawsition is designed to purge a user's bad position by burning their KittyCoins equivalent to their total debt. However, instead of burning the coins belonging to the user whose position is being purged, the function mistakenly burns the coins from the caller's (msg.sender) balance.
The relevant code snippet is as follows:
Incorrect Debt Settlement: The user's debt remains unresolved, which could lead to inaccuracies in the system's accounting and financial state.
Financial Loss: The caller (msg.sender) suffers a financial loss by burning their coins instead of the intended user's coins, leading to an unnecessary depletion of their assets.
Potential Exploitation: An attacker could exploit this flaw to trick users into burning their coins, leaving the attacker's coins untouched while still benefiting from the system.
Tools used: manual review.
Correct the Burn Operation: Update the code to burn the targeted user's coins instead of the caller's. Replace msg.sender with _user in the burn function call:
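The following is an added illustration, not the project's code: a stripped-down pool with a mock KittyCoin that shows the vulnerable shape described above next to the recommended fix. The contract, function and mapping names other than purrgeBadPawsition, _user and msg.sender (KittyCoinMock, KittyPoolIllustration, debtOf, borrow) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal stand-in for the KittyCoin token (assumed shape, not the project's contract).
contract KittyCoinMock {
    mapping(address => uint256) public balanceOf;
    address public immutable pool;

    constructor() { pool = msg.sender; }

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    // Only the pool may burn; checked arithmetic reverts if `from` lacks the balance.
    function burn(address from, uint256 amount) external {
        require(msg.sender == pool, "only pool");
        balanceOf[from] -= amount;
    }
}

// Illustrative pool keeping only the debt bookkeeping needed to show the bug.
contract KittyPoolIllustration {
    KittyCoinMock public immutable kittyCoin;
    mapping(address => uint256) public debtOf; // assumed name for per-user KittyCoin debt

    constructor() { kittyCoin = new KittyCoinMock(); }

    // Borrower receives KittyCoins and takes on matching debt.
    function borrow(uint256 amount) external {
        debtOf[msg.sender] += amount;
        kittyCoin.mint(msg.sender, amount);
    }

    // Vulnerable shape from the finding: the caller's coins are burned,
    // while the purged user's debt is cleared and their coins stay untouched.
    function purrgeBadPawsitionVulnerable(address _user) external {
        uint256 totalDebt = debtOf[_user];
        debtOf[_user] = 0;
        kittyCoin.burn(msg.sender, totalDebt); // BUG: msg.sender instead of _user
    }

    // Recommended fix: burn the purged user's own coins against their debt.
    function purrgeBadPawsition(address _user) external {
        uint256 totalDebt = debtOf[_user];
        debtOf[_user] = 0;
        kittyCoin.burn(_user, totalDebt); // FIX: burn from _user
    }
}
```

A unit test for the fix should check that, after the call, the caller's KittyCoin balance is unchanged and _user's balance has decreased by exactly their former debt.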