If a user calls burnKittyCoin and passes another user's address as _onBehalfOf, the other user's debt record is decreased instead of the caller's. That other user can then hold more kittyCoins than the COLLATERAL_PERCENT allows, while the caller's meowllateral stays stuck in the kittyPool forever.
1: Assume two users have deposited meowllateral and minted kittyCoins.
2: User2 calls burnKittyCoin with user1's address as _onBehalfOf, which decreases user1's debt record and user2's kittyCoin balance.
3: User1 can now mint more kittyCoins because his recorded debt decreased.
4: User2 can't withdraw his meowllateral: with no (or fewer) kittyCoins left (the POC below shows all of his kittyCoins burned) he can't call burnKittyCoin again, so he can't decrease his debt and therefore can't withdraw his meowllateral.
POC
Some users end up holding more kittyCoin (EUR) than the COLLATERAL_PERCENT (169%) allows, while other users' meowllateral is stuck in the contract forever.
The POC's result:
user1........................start
collllaterl Vaule in EUR 247
KittyCoin balance recorded in kittyPool 145
KittyCoin balance 145
user1........................end
user2........................start
collllaterl Vaule in EUR 247
KittyCoin balance recorded in kittyPool 145
KittyCoin balance 145
user2........................end
After Malicious operations
user1........................start
collllaterl Vaule in EUR 247
KittyCoin balance recorded in kittyPool 145
KittyCoin balance 290
user1 collateral_percent 85 (under COLLATERAL_PERCENT: the pool's limit is bypassed)
user1........................end
user2........................start
collllaterl Vaule in EUR 247
KittyCoin balance recorded in kittyPool 145
KittyCoin balance 0 (no kittyCoin left, so burnKittyCoin can't be called and the meowllateral is stuck forever)
user2........................end
Manual review
Keep burnKittyCoin consistent: a caller may only burn his own kittyCoins, so the debt record that is decreased is always the caller's own.
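To make the recommendation concrete, here is an added sketch (not the KittyFi code) of the inconsistent accounting described above next to the hardened form. The pool contract, the kittyCoinMinted debt mapping and the IKittyCoin burn(from, amount) interface are assumptions for illustration; the real project's names and signatures may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed token interface: the pool can burn coins held by a given account.
interface IKittyCoin {
    function burn(address from, uint256 amount) external;
}

// Hypothetical minimal pool that tracks each user's kittyCoin debt.
contract KittyPoolSketch {
    IKittyCoin public immutable kittyCoin;
    mapping(address => uint256) public kittyCoinMinted; // debt recorded per user

    constructor(IKittyCoin _kittyCoin) {
        kittyCoin = _kittyCoin;
    }

    // Pattern behind the finding: the debt of _onBehalfOf is reduced while the
    // coins are burned from msg.sender, so the debt ledger and the token
    // balances can be driven apart by any caller.
    function burnKittyCoinInconsistent(address _onBehalfOf, uint256 _amount) external {
        kittyCoinMinted[_onBehalfOf] -= _amount;
        kittyCoin.burn(msg.sender, _amount);
    }

    // Hardened form: the account whose debt is reduced and the account whose
    // coins are burned are the same, and the burn cannot exceed recorded debt.
    function burnKittyCoin(uint256 _amount) external {
        require(kittyCoinMinted[msg.sender] >= _amount, "burn exceeds recorded debt");
        kittyCoinMinted[msg.sender] -= _amount;
        kittyCoin.burn(msg.sender, _amount);
    }
}
```

With the hardened version, no caller can change another user's debt record, so a user's ability to withdraw meowllateral depends only on coins he still holds and debt he himself recorded.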