First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Reentrancy Vulnerability in whiskdrawMeowllateral Function

soloking

Summary

The whiskdrawMeowllateral function executes a withdrawal via an external call to the IKittyVault contract before verifying that the caller has sufficient collateral. This sequence allows for reentrancy attacks where an attacker can re-enter the contract and withdraw more funds than intended.

Vulnerability Details

In the whiskdrawMeowllateral function, the call to IKittyVault(tokenToVault[_token]).executeWhiskdrawal is performed before the require check that ensures the caller has enough collateral. This opens up the function to a reentrancy attack, allowing the attacker to recursively call the whiskdrawMeowllateral function and drain funds.

Code Snippet

function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) { IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt); require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr()); }

Impact

An attacker can exploit this vulnerability to:

Drain the funds from the contract by re-entering the function multiple times.
Cause the contract to behave unexpectedly, leading to potential financial loss and instability.

Tools Used

Manual

Recommendations

To mitigate this vulnerability, follow the Checks-Effects-Interactions pattern by moving the require check before the external call. Here is the revised function:

function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) { require(_token != address(0), "Invalid token address"); require(_ameownt > 0, "Amount must be greater than zero"); require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr()); IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt); }

By reordering the checks and the external call, the function ensures that the state is validated before interacting with external contracts, effectively preventing reentrancy attacks.

Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.