The KittyPool smart contract contains a critical vulnerability. An attacker can exploit the KittyPool::burnKittyCoin function by manipulating other users' account balances.
The KittyPool contract contains a critical vulnerability in its KittyPool::burnKittyCoin function that allows unauthorized manipulation of user balances. This flaw permits any user to reduce another user's internal balance without permission, while incorrectly burning tokens from the caller's account instead of the intended user's account. This creates a significant mismatch between the contract's internal accounting and actual token balances, potentially leading to financial losses and system-wide inconsistencies.
Add this test case to your kittyFi.test.sol file.
Unauthorized Balance Manipulation: Any user can call KittyPool::burnKittyCoin with any address as the _onBehalfOf parameter. This reduces the inMeownted balance of the specified address without any authorization check.

Incorrect Token Burning: While the function reduces the inMeownted balance of the _onBehalfOf address, it burns tokens from msg.sender's balance. This creates a mismatch between the internal accounting (inMeownted) and actual token balances.
Manual Review
Make these changes to your KittyPool::burnKittyCoin function.
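The following is an added illustration of the pattern this finding describes beside one hardened form, with a Foundry test for the hardened path. It is not the contest's source and not the author's proof of concept or recommended patch. The IKittyCoin interface, the i_kittyCoin field, the meowntKittyCoin helper, the KittyPool__NotAuthorized error and the _amount parameter are assumptions; inMeownted and _onBehalfOf are the names the finding uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Added illustration, not KittyFi's source. Assumed: the pool holds a burnable
// KittyCoin token behind this hypothetical interface and tracks per-user
// minted amounts in `inMeownted`, the mapping named in the finding.
interface IKittyCoin {
    function mint(address to, uint256 amount) external;
    function burn(address from, uint256 amount) external;
}

// Constructed minimal token so the example compiles without the real KittyCoin.
contract MockKittyCoin is IKittyCoin {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function burn(address from, uint256 amount) external { balanceOf[from] -= amount; }
}

// The pattern the finding describes: no check that msg.sender may act for
// `_onBehalfOf`, and the accounting update and the token burn use different
// addresses, so inMeownted and real balances drift apart.
contract KittyPoolVulnerable {
    IKittyCoin public immutable i_kittyCoin; // assumed field name
    mapping(address => uint256) public inMeownted;

    constructor(IKittyCoin kittyCoin) { i_kittyCoin = kittyCoin; }

    function burnKittyCoin(address _onBehalfOf, uint256 _amount) external {
        inMeownted[_onBehalfOf] -= _amount;   // debits someone else's account
        i_kittyCoin.burn(msg.sender, _amount); // burns the caller's tokens
    }
}

// Hardened form (assumed fix): only the account owner may burn on its own
// behalf, and a single address drives both the accounting update and the
// token burn, so the two cannot diverge.
contract KittyPoolFixed {
    error KittyPool__NotAuthorized();

    IKittyCoin public immutable i_kittyCoin;
    mapping(address => uint256) public inMeownted;

    constructor(IKittyCoin kittyCoin) { i_kittyCoin = kittyCoin; }

    // Assumed helper: mint to the caller and record it in internal accounting.
    function meowntKittyCoin(uint256 _amount) external {
        inMeownted[msg.sender] += _amount;
        i_kittyCoin.mint(msg.sender, _amount);
    }

    function burnKittyCoin(address _onBehalfOf, uint256 _amount) external {
        if (msg.sender != _onBehalfOf) revert KittyPool__NotAuthorized();
        inMeownted[_onBehalfOf] -= _amount;
        i_kittyCoin.burn(_onBehalfOf, _amount);
    }
}

// Foundry checks for the hardened pool: a third party is rejected, and the
// legitimate path keeps internal accounting equal to the token balance.
contract KittyPoolBurnTest is Test {
    MockKittyCoin coin;
    KittyPoolFixed pool;
    address alice = makeAddr("alice");
    address bob = makeAddr("bob");

    function setUp() public {
        coin = new MockKittyCoin();
        pool = new KittyPoolFixed(coin);
        vm.prank(alice);
        pool.meowntKittyCoin(100 ether); // constructed starting state
    }

    function test_thirdPartyCannotBurnOnBehalfOfOther() public {
        vm.prank(bob);
        vm.expectRevert(KittyPoolFixed.KittyPool__NotAuthorized.selector);
        pool.burnKittyCoin(alice, 40 ether);
    }

    function test_ownerBurnKeepsAccountingConsistent() public {
        vm.prank(alice);
        pool.burnKittyCoin(alice, 40 ether);
        assertEq(pool.inMeownted(alice), 60 ether);
        assertEq(coin.balanceOf(alice), 60 ether);
        assertEq(pool.inMeownted(alice), coin.balanceOf(alice));
    }
}
```

The invariant worth carrying into a real fix is the one the second test checks: whichever address is debited in inMeownted must be the same address whose tokens are burned, and the caller must be authorized for that address. If the project wants delegated burning, an explicit approval mapping checked before the debit is the usual replacement for the msg.sender equality check.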