A user with a bad debt can burn
kittyCoin to avoid future liquidation because of a lack of debt check.
https://github.com/Cyfrin/2024-08-kitty-fi/blob/main/src/KittyPool.sol#L112
The function burnKittyCoin()
in KittyPool.sol
doesn't consider the user's debt state. It doesn't check if msg.sender
has a bad debt or not / can or cannot be liquidated, before autorizing to burn
kittyCoin.
Should add :
before burning kittyCoin.
Stablecoin not being properly collateralized.
Replace the burnKittyCoin()
code with :
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.