Description: The KittyVault smart contract lacks the nonReentrant modifier on several critical functions, including executeDepawsit, executeWhiskdrawal, purrrCollateralToAave, and purrrCollateralFromAave. This omission exposes the contract to reentrancy attacks, a common and severe vulnerability in Solidity contracts.
Impact: Reentrancy attacks can occur when a malicious actor repeatedly calls a function before the previous execution is completed. This can lead to unintended behaviors such as:
- Draining funds from the contract.
- Unauthorized access to sensitive operations.
- Compromised contract integrity and trust.
Likelihood: The likelihood of exploitation is high due to the prevalence of reentrancy attacks in the Ethereum ecosystem and the ease with which they can be executed if the contract is not properly protected.
Recommendation: Apply the nonReentrant modifier from OpenZeppelin's ReentrancyGuard library to the critical functions. This will prevent reentrant calls to these functions and mitigate the risk of reentrancy attacks.
Conclusion: Adding the nonReentrant modifier is a crucial step in securing the KittyVault contract against reentrancy attacks. This enhances the overall security and reliability of the contract, ensuring the safety of user funds and operations.
The KittyVault contract lacks the nonReentrant modifier for critical functions that handle deposits, withdrawals, and interactions with external protocols. This absence makes the contract vulnerable to reentrancy attacks, where an attacker can exploit the contract by repeatedly calling a function before the previous execution is complete, potentially draining funds from the contract.
Affected Functions:
- executeDepawsit
- executeWhiskdrawal
- purrrCollateralToAave
- purrrCollateralFromAave
Reentrancy attacks can allow an attacker to manipulate the contract state in unexpected ways, leading to significant financial loss. Specifically, an attacker could:
- Withdraw more funds than they are entitled to.
- Interfere with the internal accounting of deposits and withdrawals, leading to inconsistencies.
- Drain the contract's funds by repeatedly calling vulnerable functions.
Exploit Scenario:
1. An attacker deposits a small amount of collateral.
2. The attacker initiates a withdrawal, and before the transaction completes, the attacker re-enters the executeWhiskdrawal function.
3. The contract state is not updated between the calls, allowing the attacker to withdraw more funds than they originally deposited.
4. This process can be repeated in a loop, draining the contract's funds.
Manual review, Foundry
To mitigate this vulnerability, apply the nonReentrant modifier from OpenZeppelin's ReentrancyGuard to the affected functions. This will prevent reentrancy attacks by ensuring that none of the guarded functions can be entered while a guarded call is still executing.
Example Fix:
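A sketch of the recommended change, added here as an illustration and not taken from the original submission or from the KittyVault code base. The contract name, the function signatures, and the simplified per-user accounting are assumptions; only the function names and the use of OpenZeppelin's ReentrancyGuard come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// OpenZeppelin Contracts 5.x path; in 4.x the guard lives under security/.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Hypothetical, simplified vault: signatures and accounting are assumed,
// not the real KittyVault implementation.
contract GuardedVaultSketch is ReentrancyGuard {
    using SafeERC20 for IERC20;

    IERC20 public immutable collateralToken;
    mapping(address => uint256) public balanceOf; // assumed accounting model

    constructor(IERC20 token) {
        collateralToken = token;
    }

    // nonReentrant sets a contract-wide lock for the duration of the call.
    function executeDepawsit(uint256 amount) external nonReentrant {
        balanceOf[msg.sender] += amount;
        collateralToken.safeTransferFrom(msg.sender, address(this), amount);
    }

    // The lock is shared by every nonReentrant function, so a callback made
    // during the transfer below cannot enter executeDepawsit or
    // executeWhiskdrawal again; the nested call reverts.
    function executeWhiskdrawal(uint256 amount) external nonReentrant {
        // Checks
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        // Effects: update state before any external call, so the balance
        // is already reduced if control leaves this contract.
        balanceOf[msg.sender] -= amount;
        // Interactions
        collateralToken.safeTransfer(msg.sender, amount);
    }
}
```

The guard and the checks-effects-interactions ordering are complementary: the modifier blocks nested entry, while the ordering keeps state consistent even in functions that are left unguarded.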