First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: low
Invalid

ADDRESS VALIDATION MISSING

Vulnerability Description

Address validation is missing in many functions in which user-supplied input is assigned to state variables directly. This could lead to irrecoverable loss of tokens or sensitive contract features.

Vulnerability Details

This report examines the kittyVault.sol contract, specifically focusing on the executeDepawsit and executeWhiskdrawal functions. Both functions are responsible for handling token deposits and withdrawals but exhibit a significant vulnerability related to address validation. The absence of proper checks for the _user address in these functions could lead to critical issues, including potential token loss and contract misuse.

executeDepawsit Function

    function executeDepawsit(address _user, uint256 _ameownt) external onlyPool {
        uint256 _totalMeowllateral = getTotalMeowllateral();
        uint256 _cattyNipGenerated;
        if (_totalMeowllateral == 0) {
            _cattyNipGenerated = _ameownt;
        } else {
            _cattyNipGenerated = _ameownt.mulDiv(totalCattyNip, _totalMeowllateral);
        }
        userToCattyNip[_user] += _cattyNipGenerated;
        totalCattyNip += _cattyNipGenerated;
        totalMeowllateralInVault += _ameownt;
        IERC20(i_token).safeTransferFrom(_user, address(this), _ameownt);
    }

The executeDepawsit function lacks validation to ensure that the _user address is not a zero address (address(0)). This oversight means that if an invalid address is used, tokens transferred could be lost irretrievably. Additionally, the function does not perform any checks to confirm the legitimacy of the _user address, which might result in unintended interactions with invalid or malicious addresses.

executeWhiskdrawal Function

    function executeWhiskdrawal(address _user, uint256 _cattyNipToWithdraw) external onlyPool {
        uint256 _ameownt = _cattyNipToWithdraw.mulDiv(getTotalMeowllateral(), totalCattyNip);
        userToCattyNip[_user] -= _cattyNipToWithdraw;
        totalCattyNip -= _cattyNipToWithdraw;
        totalMeowllateralInVault -= _ameownt;
        IERC20(i_token).safeTransfer(_user, _ameownt);
    }

Similarly, the executeWhiskdrawal function suffers from the same vulnerabilities. Without a check to confirm that _user is not a zero address, the function risks transferring tokens to an invalid address, leading to potential loss of assets. The function also misses validation to ensure that _user is an appropriate and legitimate address.

Impact

The impact of these vulnerabilities is significant. Token loss is a primary concern, as transferring tokens to a zero address results in their irrecoverable loss. Moreover, the absence of proper address validation may expose the contract to security risks, such as exploitation by malicious actors or unintended contract behavior. This can undermine user trust and compromise the overall security of the contract.

Tools Used

Thorough manual inspection of the contract functions to identify missing validations.

Recommendations

Implement Zero Address Check:

  • Add a check at the beginning of both functions to ensure _user is not a zero address:

require(_user != address(0), "Invalid address: zero address");

Additional Address Validation:

  • Depending on the contract's requirements, consider additional checks to ensure _user is a valid and intended address for the operation.

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
