First Flight #21: KittyFi

Submission Details
Severity: medium
Invalid

Incorrect Calculation of toDistribute in KittyPool::purrgeBadPawsition

Summary

The toDistribute amount computed in the KittyPool::purrgeBadPawsition function is incorrect: the redeemPercent is divided by PRECISION in a way that floors the result, so the wrong amount of collateral is distributed after a user's bad debt is purged.

Vulnerability Details

In the KittyPool::purrgeBadPawsition function, toDistribute is intended to be the share of a user's vault collateral, given by redeemPercent, that is withdrawn for the liquidator. However, the calculation uses PRECISION (1e18) as the divisor in a way that produces an incorrect value. Specifically, when redeemPercent is much smaller than PRECISION (for example a plain percentage such as 70 rather than a value scaled by 1e18), vaultCollateral * redeemPercent / PRECISION is floored by integer division, often to zero.

The problematic code is as follows:

function purrgeBadPawsition(address _user) external returns (uint256 _totalAmountReceived) {
    //...
    uint256 vaults_length = vaults.length;
    for (uint256 i; i < vaults_length; ) {
        IKittyVault _vault = IKittyVault(vaults[i]);
        uint256 vaultCollateral = _vault.getUserVaultMeowllateralInEuros(_user);
@>      uint256 toDistribute = vaultCollateral.mulDiv(redeemPercent, PRECISION); // floors to 0 when redeemPercent << PRECISION
        uint256 extraCollateral = vaultCollateral - toDistribute;
        uint256 extraReward = toDistribute.mulDiv(REWARD_PERCENT, PRECISION);
        extraReward = Math.min(extraReward, extraCollateral); // reward capped by what is left in the vault
        _totalAmountReceived += (toDistribute + extraReward);
        _vault.executeWhiskdrawal(msg.sender, toDistribute + extraReward);
        unchecked {
            ++i;
        }
    }
}
PoC

Add the following to KittyFiTest.t.sol test file:

function test_incorrectToDistributeValue() public pure {
    // Assumes `using Math for uint256;` (OpenZeppelin Math) is in scope in KittyFiTest.t.sol
    uint256 PRECISION = 1e18;
    uint256 vaultCollateral = 1000;
    uint256 redeemPercent = 70; // 70%, written as a plain percentage
    uint256 toDistribute = vaultCollateral.mulDiv(redeemPercent, PRECISION);
    // we get 0 instead of 700€!!
    assertEq(toDistribute, 0);
}

Impact

  • Incorrect Collateral Distribution: A floored toDistribute value causes too little collateral to be distributed, potentially leaving bad debt unresolved or rewards misallocated.

  • Financial Discrepancies: Users and liquidators receive amounts that differ from the intended share, leading to potential loss of funds or an imbalanced contract state.

Tools Used

  • Manual review

  • Foundry (Testing Framework)

Recommendations

  • Correct the Calculation: Modify the calculation so that toDistribute equals the intended redeemPercent share of vaultCollateral, with redeemPercent and PRECISION expressed in the same scale.

  • Alternatively, ensure that redeemPercent is already a proportion without the need to divide by PRECISION.

  • Implement Range Validation: Add validation checks to ensure that toDistribute falls within a reasonable range and that the result is non-zero when expected.
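The following Python model, added here and not part of the report or the KittyFi code base, reproduces one loop iteration of purrgeBadPawsition with integer (floor) mulDiv semantics and applies a range check in the spirit of the recommendations above. It shows the flooring described in the finding for a plain-percentage redeemPercent, the 1e18-scaled proportion that avoids it, and the Math.min cap on the reward. REWARD_PERCENT is an assumed value (5% in 1e18 scale) chosen for illustration; the report does not state it.

```python
PRECISION = 10**18
REWARD_PERCENT = 5 * 10**16  # assumed 5% in 1e18 scale, constructed for this example
UINT256_MAX = 2**256 - 1


def mul_div(a: int, b: int, denominator: int) -> int:
    """floor(a * b / denominator) on uint256, the semantics of Math.mulDiv."""
    if denominator == 0:
        raise ZeroDivisionError("mulDiv: division by zero")
    result = (a * b) // denominator
    if result > UINT256_MAX:
        raise OverflowError("mulDiv: result does not fit in uint256")
    return result


def purrge_split(vault_collateral: int, redeem_percent: int,
                 reward_percent: int = REWARD_PERCENT):
    """One iteration of purrgeBadPawsition for a single vault.

    Returns (toDistribute, extraReward, amountWithdrawn)."""
    to_distribute = mul_div(vault_collateral, redeem_percent, PRECISION)
    if to_distribute > vault_collateral:
        # Solidity checked arithmetic would revert on this underflow
        raise ArithmeticError("toDistribute exceeds vault collateral")
    extra_collateral = vault_collateral - to_distribute
    extra_reward = mul_div(to_distribute, reward_percent, PRECISION)
    extra_reward = min(extra_reward, extra_collateral)  # Math.min cap
    return to_distribute, extra_reward, to_distribute + extra_reward


def validate_distribution(vault_collateral: int, redeem_percent: int,
                          to_distribute: int) -> bool:
    """Range validation as recommended: never above the vault balance,
    and non-zero whenever a non-zero share of non-zero collateral is due."""
    if to_distribute > vault_collateral:
        return False
    if redeem_percent > 0 and vault_collateral > 0 and to_distribute == 0:
        return False
    return True


if __name__ == "__main__":
    # Plain percentage (the case in the PoC): 1000 * 70 / 1e18 floors to 0
    print(purrge_split(1000, 70))
    # Same share scaled by PRECISION: 0.7e18 gives 700, plus a 35 reward
    print(purrge_split(1000, 7 * 10**17))
```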

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
