First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Incorrect Calculation of redeemPercent in KittyPool::purrgeBadPawsition

ayamercy

Summary

The calculation of the redeemPercent in the KittyPool::purrgeBadPawsition function is incorrect, leading to an inaccurate percentage that can cause significant financial discrepancies when purging a user's bad debt.

Vulnerability Details

In the KittyPool::purrgeBadPawsition function, the redeemPercent is intended to represent the proportion of the user's collateral that should be redeemed based on their total debt. However, the calculation incorrectly multiplies the debt by a precision constant (PRECISION) before dividing by the user's collateral in euros. This results in an incorrect and excessively large percentage value.

The problematic code is as follows:

function purrgeBadPawsition(address _user) external returns (uint256 _totalAmountReceived) {

//...

uint256 redeemPercent;

if (totalDebt >= userMeowllateralInEuros) {

@> redeemPercent = PRECISION;

}

else {

@> redeemPercent = totalDebt.mulDiv(PRECISION, userMeowllateralInEuros);

}

//...

}

POC

Add the following to KittyFiTest.t.sol test file:

function test_incorrectRedeemPercent() public pure{

uint256 PRECISION = 1e18;

uint256 debt = 5e18;

uint256 userCollateralInEuros = 500;

uint256 redeemPercent = debt.mulDiv(PRECISION, userCollateralInEuros);

// we get a percentage equal to 1e34!!

assertEq(redeemPercent, 1e34);

}

Impact

Incorrect Debt Repayment: The incorrect redeemPercent could lead to over-redeeming the user's collateral, resulting in substantial financial discrepancies.

Potential Exploitation: An attacker could potentially exploit this flaw to manipulate the system and extract more value than they are entitled to.

Tools Used

Manual review

Foundry (Testing Framework)

Recommendations

Correct the Calculation: Modify the calculation to correctly compute the redeemPercent without unintentionally inflating the value
Add Validation Checks: Implement additional checks to ensure that the redeemPercent falls within a reasonable range.

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Other

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.