First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Valid

The `executeWhiskdrawal` function expects the input amount to be in CattyNip shares, but the `purrgeBadPawsition` function is passing the value in Euros, which is Incorrect.

14xSachet

Summary

The purrgeBadPawsition function is responsible for the distribution of the rewards to the liquidators for liquidating a bad user and removing him from the system. The value calculated to be sent to the liquidator is in Euros, while the executeWhiskdrawal function accepts the input amount in shares. This leads to incorrect amount being sent to the liquidator.

Vulnerability Details

The value to be sent is calculated in Euros, which cannot be directly passed in the withdraw function which deals with shares.

for (uint256 i; i < vaults_length; ) {

IKittyVault _vault = IKittyVault(vaults[i]);

uint256 vaultCollateral = _vault.getUserVaultMeowllateralInEuros(_user);

uint256 toDistribute = vaultCollateral.mulDiv(redeemPercent, PRECISION);

uint256 extraCollateral = vaultCollateral - toDistribute;

uint256 extraReward = toDistribute.mulDiv(REWARD_PERCENT, PRECISION);

extraReward = Math.min(extraReward, extraCollateral);

// executeWhiskdrawal takes cattyNip shares as input not Euros!

_vault.executeWhiskdrawal(msg.sender, toDistribute + extraReward);

unchecked {

++i;

}

Impact

Incorrect amount being sent to the liquidators for liquidating the positions. This affects the accounting of the protocol and breaks the system.

Tools Used

VSCode

Recommendations

Convert the value calculated in Euros in terms of the collateral tokens and then to the respective shares it corresponds to. Then pass those no. of shares as input in the executeWhiskdrawal function.

Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

`purrgeBadPawsition` calculates collateral to be distributed in terms of euros, which is incorrect.

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.