First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Improper State Update and External Call Sequence in meowintKittyCoin Function

soloking

Summary

The meowintKittyCoin function updates the internal state and calls the external i_kittyCoin contract to mint tokens before verifying if the caller has sufficient collateral. This sequence can lead to an inconsistent state if the collateral check fails, as tokens may be minted even when the caller does not have enough collateral.

Vulnerability Details

In the meowintKittyCoin function, the balance of kittyCoinMeownted is updated, and tokens are minted before the function checks if the caller (msg.sender) has enough collateral. If the collateral check fails, the transaction reverts, but the tokens might have already been minted, leading to an incorrect state.

Code Snippet

function meowintKittyCoin(uint256 _ameownt) external { kittyCoinMeownted[msg.sender] += _ameownt; i_kittyCoin.mint(msg.sender, _ameownt); require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr()); }

Impact

An attacker can exploit this vulnerability to mint tokens without having sufficient collateral, resulting in:

Unauthorized token minting, potentially leading to inflation of the token supply.
Financial loss and instability within the contract due to incorrect state updates.

Tools Used

Manual

Recommendations

To mitigate this vulnerability, reorder the operations to ensure the collateral check occurs before any state changes or external calls. Here is the revised function:

function meowintKittyCoin(uint256 _ameownt) external { require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr()); kittyCoinMeownted[msg.sender] += _ameownt; i_kittyCoin.mint(msg.sender, _ameownt); }

Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.