First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Function meowintKittyCoin doesn't check for a zero amount, so the user still pays gas when nothing changes.

Summary

When a user passes a zero amount to meowintKittyCoin(uint256 _ameownt), nothing changes, but the user still pays gas.

Vulnerability Details

If _ameownt is zero, the function still executes. Nothing changes, but the caller still pays gas.

    function meowintKittyCoin(uint256 _ameownt) external {
        kittyCoinMeownted[msg.sender] += _ameownt;
        i_kittyCoin.mint(msg.sender, _ameownt);
        require(
            _hasEnoughMeowllateral(msg.sender),
            KittyPool__NotEnoughMeowllateralPurrrr()
        );
    }

POC

    function test_poc_userCanMintZeroKittyCoins() public {
        uint256 toDeposit = 5 ether;
        vm.startPrank(user);
        IERC20(weth).approve(address(wethVault), toDeposit);
        kittyPool.depawsitMeowllateral(weth, toDeposit);
        kittyPool.meowintKittyCoin(0);
        vm.stopPrank();
    }

As the forge gas report shows, the invalid execution still costs gas.

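src/KittyPool.sol:KittyPool contract

| Deployment Cost | Deployment Size |
|-----------------|-----------------|
| 2408727         | 11603           |

| Function Name           | min    | avg    | median | max    | # calls |
|-------------------------|--------|--------|--------|--------|---------|
| depawsitMeowllateral    | 173650 | 173650 | 173650 | 173650 | 1       |
| getKittyCoin            | 250    | 250    | 250    | 250    | 1       |
| getTokenToVault         | 592    | 592    | 592    | 592    | 1       |
| meowintKittyCoin        | 133945 | 133945 | 133945 | 133945 | 1       |
| meownufactureKittyVault | 997863 | 997863 | 997863 | 997863 | 1       |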

Tools Used

Manual

Recommendations

Check that _ameownt is greater than zero.

    error KittyPool__UserNoEnoughKittyCoins();

    function meowintKittyCoin(uint256 _ameownt) external {
        require(_ameownt > 0, KittyPool__UserNoEnoughKittyCoins());
        kittyCoinMeownted[msg.sender] += _ameownt;
        i_kittyCoin.mint(msg.sender, _ameownt);
        require(
            _hasEnoughMeowllateral(msg.sender),
            KittyPool__NotEnoughMeowllateralPurrrr()
        );
    }

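
A regression test for the recommended guard, added here as an example and not part of the original submission or the KittyFi code base. `PoolStandIn`, `meowintUnchecked`, `meowintChecked` and `ZeroMintTest` are hypothetical names; the stand-in models only the mint bookkeeping, uses `if`/`revert` in place of the `require` form, and assumes forge-std is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Constructed stand-in for KittyPool: only the mint bookkeeping is modelled;
// the collateral check and the KittyCoin token are left out.
contract PoolStandIn {
    error KittyPool__UserNoEnoughKittyCoins(); // error name from the recommendation

    mapping(address => uint256) public kittyCoinMeownted;

    // Behaviour described in the report: a zero amount is accepted.
    function meowintUnchecked(uint256 _ameownt) external {
        kittyCoinMeownted[msg.sender] += _ameownt;
    }

    // Behaviour with the recommended guard: a zero amount reverts up front.
    function meowintChecked(uint256 _ameownt) external {
        if (_ameownt == 0) revert KittyPool__UserNoEnoughKittyCoins();
        kittyCoinMeownted[msg.sender] += _ameownt;
    }
}

contract ZeroMintTest is Test {
    PoolStandIn pool;
    address user = makeAddr("user");

    function setUp() public {
        pool = new PoolStandIn();
    }

    // Without the guard the call succeeds and leaves the minted balance at zero.
    function test_zeroMintIsANoOpWithoutGuard() public {
        vm.prank(user);
        pool.meowintUnchecked(0);
        assertEq(pool.kittyCoinMeownted(user), 0);
    }

    // With the guard the call reverts with the custom error.
    function test_zeroMintRevertsWithGuard() public {
        vm.prank(user);
        vm.expectRevert(PoolStandIn.KittyPool__UserNoEnoughKittyCoins.selector);
        pool.meowintChecked(0);
    }

    // The guard must not affect ordinary mints.
    function test_nonZeroMintStillWorks() public {
        vm.prank(user);
        pool.meowintChecked(1 ether);
        assertEq(pool.kittyCoinMeownted(user), 1 ether);
    }
}
```
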
Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
