First Flight #21: KittyFi

Submission Details
Severity: medium
Invalid

Incorrect Collateral Value Supplied in Aave by KittyVault::getTotalMeowllateralInAave

Summary

The function KittyVault::getTotalMeowllateralInAave returns an incorrect value for the collateral supplied to Aave due to a flawed calculation involving price feeds and precision handling.

Vulnerability Details

In the getTotalMeowllateralInAave function, the calculation intended to return the total collateral value supplied to Aave in euros is incorrect. The issue arises from the improper handling of the price feed data and precision scaling, which results in an inaccurate representation of the collateral value.

    function getTotalMeowllateralInAave() public view returns (uint256) {
        (uint256 totalCollateralBase, , , , , ) = i_aavePool.getUserAccountData(address(this));
        (, int256 collateralToUsdPrice, , , ) = i_priceFeed.latestRoundData();
    @>  return totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS);
    }

PoC

Add the following to KittyFiTest.t.sol test file:

    function test_totalCollateralInAvee() public {
        // 1. user makes a deposit
        uint256 toDeposit = 5 ether;
        vm.startPrank(user);
        IERC20(weth).approve(address(wethVault), toDeposit);
        kittyPool.depawsitMeowllateral(weth, toDeposit);
        vm.stopPrank();
        console.log("total collateral in vault before supplying to Aave:", wethVault.getTotalMeowllateral());
        console.log("collateral in Aave:", wethVault.getTotalMeowllateralInAave());

        // 2. collateral is supplied to Aave
        vm.startPrank(meowntainer);
        wethVault.purrrCollateralToAave(toDeposit);
        console.log("total collateral in vault when supplied", wethVault.getTotalMeowllateral());
        console.log("collateral in Aave:", wethVault.getTotalMeowllateralInAave());
        assert(wethVault.getTotalMeowllateral() != toDeposit);
        //IAavePool aave = wethVault.getAavePool();
        //(uint256 totalCollateralBase,,,,,) = aave.getUserAccountData(address(wethVault));
        //console.log("totalCollateralBase: ", totalCollateralBase);

        // 3. collateral is withdrawn from Aave
        wethVault.purrrCollateralFromAave(toDeposit);
        console.log("total collateral in vault after withdrawing it", wethVault.getTotalMeowllateral());
        console.log("collateral in Aave:", wethVault.getTotalMeowllateralInAave());
        assert(wethVault.getTotalMeowllateral() == toDeposit);
    }

Impact

  • Incorrect Collateral Reporting: The inaccurate calculation may lead to an incorrect report of the collateral value held in Aave, affecting system operations such as risk assessments, liquidation processes, and user balances.

  • Financial Discrepancies: Users may experience financial inconsistencies due to incorrect collateral values, potentially leading to unexpected liquidations or misallocated rewards.

Tools Used

  • Manual review

  • Foundry

Recommendations

  • Correct the Calculation: Adjust the calculation to ensure the precision is properly handled when converting the collateral value from Aave's base units to euros.
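
A decimal trace of the return expression in getTotalMeowllateralInAave, as an added example that is not part of the submission or of the KittyFi code base. The values of PRECISION and EXTRA_DECIMALS, the 8-decimal scale of both the price feed answer and Aave's totalCollateralBase, and the constructed price of 2000 are assumptions.

```python
# Added example: integer model of the return expression quoted in the submission.
# Every constant below is an assumption, not a value taken from the page.
PRECISION = 10**18        # assumed value of the contract's PRECISION
EXTRA_DECIMALS = 10**10   # assumed value of the contract's EXTRA_DECIMALS
FEED_DECIMALS = 8         # assumed scale of the price feed answer
AAVE_BASE_DECIMALS = 8    # assumed scale of Aave's totalCollateralBase (USD)
TOKEN_DECIMALS = 18       # WETH


def exp10(n: int) -> int:
    """Exponent of an exact power of ten (10**18 -> 18)."""
    return len(str(n)) - 1


def mul_div(a: int, b: int, denominator: int) -> int:
    """floor(a * b / denominator) without intermediate overflow, like mulDiv."""
    if denominator <= 0:
        raise ValueError("denominator must be positive")
    return a * b // denominator


def collateral_in_aave(total_collateral_base: int, collateral_to_usd_price: int) -> int:
    """The return expression from the page, term for term."""
    if collateral_to_usd_price <= 0:
        raise ValueError("non-positive price feed answer")
    return mul_div(total_collateral_base, PRECISION,
                   collateral_to_usd_price * EXTRA_DECIMALS)


def result_decimals() -> int:
    """Decimal scale of the returned value, derived from the exponents alone."""
    numerator = AAVE_BASE_DECIMALS + exp10(PRECISION)
    denominator = FEED_DECIMALS + exp10(EXTRA_DECIMALS)
    return numerator - denominator


def trace(deposit_wei: int, usd_price: int) -> dict:
    """Run the formula for a deposit fully supplied to Aave at a constructed price."""
    price = usd_price * 10**FEED_DECIMALS
    base = deposit_wei * price // 10**TOKEN_DECIMALS   # USD value at 8 decimals
    result = collateral_in_aave(base, price)
    return {"base": base, "result": result, "ratio": deposit_wei // result}


if __name__ == "__main__":
    print(result_decimals(), trace(5 * 10**18, 2000))
```

Under these assumptions the expression returns 5 * 10**8 for the PoC's 5 ether deposit: a token amount at 8 decimals, independent of the price, and 10**10 smaller than the 18-decimal figure that getTotalMeowllateral reports for the same deposit.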

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
