First Flight #21: KittyFi

Severity: high
Invalid

burnKittyCoin() in KittyPool.sol should check if _hasEnoughMeowllateral()

Summary

A user with a bad debt can burn kittyCoin to avoid future liquidation because of a lack of debt check.

https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L112

Vulnerability Details

The function burnKittyCoin() in KittyPool.sol doesn't consider the user's debt state. It doesn't check whether msg.sender has a bad debt or not (can or cannot be liquidated) before authorizing the burn of kittyCoin.

    function burnKittyCoin(address _onBehalfOf, uint256 _ameownt) external {
        kittyCoinMeownted[_onBehalfOf] -= _ameownt;
        i_kittyCoin.burn(msg.sender, _ameownt);
    }

Should add:

    require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr());

before burning kittyCoin.

Impact

Stablecoin not being properly collateralized.

Recommendations

Replace the burnKittyCoin() code with:

    function burnKittyCoin(address _onBehalfOf, uint256 _ameownt) external {
        require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr());
        kittyCoinMeownted[_onBehalfOf] -= _ameownt;
        i_kittyCoin.burn(msg.sender, _ameownt);
    }
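
An added example, not part of the submission or the KittyFi code base: a small Python model of the two burnKittyCoin() variants above, run on a healthy and an undercollateralized account so the effect of placing the check before the burn can be observed. The ToyPool class, the 150% threshold, the balance check and the sample figures are assumptions; the real _hasEnoughMeowllateral() logic is not shown on this page.

```python
# Toy model of the burn path discussed above; NOT the KittyPool.sol implementation.
MIN_RATIO_PCT = 150  # assumed collateral threshold, not taken from the contract


class Revert(Exception):
    """Stands in for a Solidity revert."""


class ToyPool:
    def __init__(self, check_before_burn):
        self.check_before_burn = check_before_burn  # True = recommended variant
        self.collateral_value = {}  # account -> collateral value (same unit as debt)
        self.minted = {}            # mirrors kittyCoinMeownted
        self.balance = {}           # account -> stablecoin balance

    def open_position(self, user, collateral, debt):
        self.collateral_value[user] = collateral
        self.minted[user] = debt
        self.balance[user] = debt

    def has_enough_collateral(self, user):
        # Assumed health rule: collateral must cover debt * MIN_RATIO_PCT / 100.
        debt = self.minted.get(user, 0)
        return self.collateral_value.get(user, 0) * 100 >= debt * MIN_RATIO_PCT

    def burn(self, sender, on_behalf_of, amount):
        if self.check_before_burn and not self.has_enough_collateral(sender):
            raise Revert("NotEnoughMeowllateral")
        # Assumption: checked arithmetic and the token burn revert on shortfall.
        if amount > self.minted.get(on_behalf_of, 0) or amount > self.balance.get(sender, 0):
            raise Revert("underflow")
        self.minted[on_behalf_of] -= amount
        self.balance[sender] -= amount


def try_burn(check_before_burn, collateral, debt, amount):
    """Return (burn_succeeded, debt_after, healthy_after) for one constructed account."""
    pool = ToyPool(check_before_burn)
    pool.open_position("alice", collateral, debt)
    try:
        pool.burn("alice", "alice", amount)
        ok = True
    except Revert:
        ok = False
    return ok, pool.minted["alice"], pool.has_enough_collateral("alice")
```

In this model a burn only lowers the recorded debt, and with the check in place an undercollateralized account cannot burn at all.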

Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
