First Flight #21: KittyFi

First Flight #21

Beginner FriendlyDeFiFoundry

100 EXP

View results

Previous Next

Submission Details

Severity: high

Invalid

Incorrect Oracle Price Feed Address for BTC

cryptedoji

Summary

In the deployment configuration file, HelperConfig.s.sol, the wrong pricefeed address is set for BTC/USD. this leads to getting a wrong pricing for BTC/USD

Vulnerability Details

Since the pricefeed address used for BTC/USD is that of ETH/USD, this leads to the protocol calculating with the wrong pricing always and hence leads to loss of funds for BTC users

Impact

loss of funds for BTC users because the KittyVault contract will always calculate their collateral value to be less than the true worth of their BTC in the vault

Tools Used

-manual review

Recommendations

change the pricefeed address to the correct BTC/USD pricefeed address which is 0x1b44F3514812d835EB1BDB0acB33d3fA3351Ee43

Updates

Lead Judging Commences

shikhar229169 Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Out of scope

Rewards breakdown

nSLOC

224

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.