First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: high
Valid

Incorrect Calculation of User Collateral Value in Euros on `Kitty.sol::getUserVaultMeowllateralInEuros`

Summary

The function `getUserVaultMeowllateralInEuros` is critical for determining the value of user collateral, but its calculation is wrong. Given the conversion rate of 1 EUR = 1.09 USD, the value in euros should be less than the value in USD. The formula currently used:

```solidity
collateralAns.mulDiv(uint256(euroPriceFeedAns) * EXTRA_DECIMALS, PRECISION);
```

results in a value that is consistently higher than the original collateral amount (`collateralAns`). This discrepancy occurs because the formula incorrectly scales the conversion rate.

Vulnerability Details

The calculation does not accurately reflect the conversion from USD to EUR. Given the current rate of 1 EUR = 1.09 USD, the value in euros should be lower than in USD. However, the formula provided leads to inflated results:

```solidity
collateralAns.mulDiv(uint256(euroPriceFeedAns) * EXTRA_DECIMALS, PRECISION);
```

This error results in the `getUserVaultMeowllateralInEuros` function returning a value that exceeds the USD equivalent of the collateral, contradicting the expected behaviour where EUR should be less than USD.

Proof of Concept (POC)

  1. Deposit 5 ether into the vault.

  2. Mint 5 ether from the pool.

  3. Observe that the output of getUserVaultMeowllateralInEuros(user) is greater than the USD value of 5 ether. Since 1 EUR = 1.09 USD, the EUR value should be lower than the USD value, but this is not reflected correctly in the current implementation.

Impact

The incorrect calculation of collateral value in euros has significant implications for the KittyVault.sol smart contract, particularly affecting the following areas:

  1. Collateral Valuation Accuracy:

    The current formula inflates the euro value of collateral, resulting in a value that is higher than expected given the USD to EUR conversion rate. This misvaluation can lead to inaccurate assessments of collateral worth, potentially affecting liquidity and risk management within the system.

  2. User Funds and Liquidation Risks:

    Users’ collateral might be undervalued or misrepresented, leading to potential issues with collateral requirements and liquidation thresholds. Users could face unintended liquidation risks or incorrect collateral requirements, which can erode trust in the system and affect user experience.

Tool Used

Manual

Recommendation

To correct the calculation and ensure the proper conversion of collateral value from USD to EUR, update the formula as follows:

```solidity
collateralAns.mulDiv(
    PRECISION,
    uint256(euroPriceFeedAns) * EXTRA_DECIMALS
);
```

By adjusting the formula in this way, the calculation will accurately reflect the value of the collateral in euros, taking into account the correct conversion rate.
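The reported and recommended formulas side by side, as an added example that is not part of the original submission or the KittyFi code base. Python integers stand in for `uint256`; the 8-decimal feed answer and the values of `EXTRA_DECIMALS` and `PRECISION` are assumptions, and the 5,000 USD collateral figure is constructed.

```python
# Added model of the two formulas; Python ints stand in for uint256.
# Assumed (not stated on the page): the EUR/USD feed answer has 8 decimals,
# EXTRA_DECIMALS = 1e10 scales it to 18 decimals, and PRECISION = 1e18.
EXTRA_DECIMALS = 10**10
PRECISION = 10**18
UINT256_MAX = 2**256 - 1


def mul_div(a: int, b: int, denominator: int) -> int:
    """floor(a * b / denominator), as a round-down mulDiv helper computes it."""
    if denominator == 0:
        raise ZeroDivisionError("mulDiv: zero denominator")
    result = a * b // denominator
    if result > UINT256_MAX:
        raise OverflowError("mulDiv: result does not fit in uint256")
    return result


def _feed_18(euro_price_feed_ans: int) -> int:
    # The quoted code casts the answer with uint256(...); a non-positive
    # answer is not a usable price, so reject it here.
    if euro_price_feed_ans <= 0:
        raise ValueError("non-positive price feed answer")
    return euro_price_feed_ans * EXTRA_DECIMALS


def euros_as_reported(collateral_usd: int, euro_price_feed_ans: int) -> int:
    """Formula quoted in the finding: multiplies the USD value by USD-per-EUR."""
    return mul_div(collateral_usd, _feed_18(euro_price_feed_ans), PRECISION)


def euros_as_recommended(collateral_usd: int, euro_price_feed_ans: int) -> int:
    """Formula from the Recommendation: divides the USD value by USD-per-EUR."""
    return mul_div(collateral_usd, PRECISION, _feed_18(euro_price_feed_ans))


def overstatement_bps(collateral_usd: int, euro_price_feed_ans: int) -> int:
    """How far the reported figure exceeds the recommended one, in basis points."""
    good = euros_as_recommended(collateral_usd, euro_price_feed_ans)
    bad = euros_as_reported(collateral_usd, euro_price_feed_ans)
    return (bad - good) * 10_000 // good


if __name__ == "__main__":
    usd = 5_000 * 10**18      # constructed sample: 5,000 USD, 18 decimals
    feed = 109_000_000        # 1 EUR = 1.09 USD at 8 decimals
    print(euros_as_reported(usd, feed), euros_as_recommended(usd, feed))
    print(overstatement_bps(usd, feed), "bps")
```

At a feed answer of exactly 1.00 the two formulas return the same number, so a test that mocks the price at parity does not catch the inversion.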

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

`getUserVaultMeowllateralInEuros` performs incorrect conversion from usdc to euro
