First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

Instead of earning 5 percent bonus, the liquidator gets his collateral stuck in the contract

14xSachet

Summary

In the current liquidation process, a liquidator needs to mint the required amount of KittyCoins in order to burn on behalf of a user. However, to do this, the liquidator must deposit 169 percent more of the value of KittyCoins they intend to mint as collateral. After liquidation, the liquidator receives a 5% bonus on top of the value of KittyCoins burned, but there is an issue with the rest of the collateral. The liquidator transferred almost double the amount required, so they should be able to redeem the excess collateral (total collateral - value burned in KittyCoins). However, attempting to redeem this collateral would break the liquidator's health factor.

Vulnerability Details

Consider the scenario where User A' is undercollateralized and their total debt is 10 KittyCoins. User B decides to liquidate User A and deposits around 17 EUR worth of collateral (since the protocol requires 169% collateralization) and mints 10 KittyCoins. The process unfolds as follows:

B liquidates A.
After liquidation A's debt is cleared and his KittyCoin balance at protocol is 0 but he still has those 10 KittyCoins in his wallet.
B receives 10.5 EUR worth of collateral (10 KittyCoins worth of collateral + 5% bonus) back in their wallet and is left with 0 KittyCoins in their wallet.
B still has 17 EUR worth of collateral deposited in the protocol but their KittyCoinBalance is still 10 KittyCoins in the mappings.
B can not redeem his remaining collateral because if he tries to, his health factor will break as the protocol is 169% collateralized, so after spending 17 EUR he is left with 10.5 EUR.

Consequently, instead of earning a 5% bonus, the liquidator loses 40% of their collateral.

Impact

Liquidators may avoid liquidating users with broken health factors, disrupting the integrity of the protocol, which relies on the assumption that users will be liquidated when their health factor breaks. Eventually protocol will become undercollateralized, breaking the system.

Tools Used

VSCode

Recommendations

Make the collateralization rate and the liquidation bonus arithmetically incentivised so as to allow re-entrancy for a flash loan type of atomic mint within the protocol.
Allow an alternative stable coin to be used for repayment should KittyCoin not be available.

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Liquidator gets disincentivized to liquidate positions as they have to put their own collateral to get KittyCoin, and the resultant profit is negative.

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.