KittyVault::getTotalMeowllateralInAave computes wrong values for totalCollateral
Summary
The formula totalCollateralBase.mulDiv(PRECISION, uint256(collateralToUsdPrice) * EXTRA_DECIMALS) that is used in the above function to calculate the total collateral value in the aave vault is wrong. .
Vulnerability Details
Because the supposed numerator and denominator are used interchangeably, the formular leads to huge precision loss in the computation to the tune of over 1e8. This vulnerability directly affects EITHER the collateral depositors OR the protocol. if uint256(collateralToUsdPrice) * EXTRA_DECIMALS amounts to a value greater than PRECISION, the depositor gets more share(hence protocol loses) and vice versa.
Impact
loss of funds for user or protocol when calculating user share in the vault (depending on which of
uint256(collateralToUsdPrice) * EXTRA_DECIMALSandPRECISIONis bigger )protocol may become insolvent if depositors get more shares than they deposted; OR part of user funds(collateral) may get stuck in the protocol
Tools Used
manual review
Recommendations
In order to get the accurate value of totalCollateral, the totalCollateralBase should be multiplied by the uint256(collateralToUsdPrice) * EXTRA_DECIMALS and then divided by the PRECISION
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.