First Flight #21: KittyFi

Submission Details
Severity: medium
Invalid

Missing Authorization Check for purrrCollateralToAave and purrrCollateralFromAave in KittyVault.sol

Summary

The purrrCollateralToAave and purrrCollateralFromAave functions lack a more robust authorization mechanism to ensure that only authorized entities can perform these critical operations.

Vulnerability Details

  • Location: purrrCollateralToAave and purrrCollateralFromAave functions.

  • Description: The contract uses a simple ownership check (onlyMeowntainer) for managing critical operations like supplying and withdrawing collateral to and from Aave. This can be restrictive and might require more flexibility and security.

Impact

  • Severity: Medium

  • Effect: The lack of a more granular authorization mechanism can lead to difficulties in managing the contract and could become a security risk if the meowntainer is compromised.

Tools Used

Manual code review

Recommendations

Implement a more flexible and granular authorization system, such as a multi-signature wallet or a role-based access control mechanism.

Updates

Lead Judging Commences

shikhar229169 Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
