Summary
The Kitty-Fi contract, specifically the meownufactureKittyVault, depawsitMeowllateral, executeWhiskdrawal and burnKittyCoin functions, lacks proper input validation.
Vulnerability Details
The meownufactureKittyVault function does not validate the _token and _priceFeed addresses before creating a new vault, although it does check whether _token already exists. Invalid or malicious addresses could be passed, leading to incorrect or harmful vault creation. The function also does not check whether _priceFeed is a valid contract address, which could lead to incorrect price feed data or contract failures.
>>  function meownufactureKittyVault(address _token, address _priceFeed) external onlyMeowntainer {
        require(tokenToVault[_token] == address(0), KittyPool__TokenAlreadyExistsMeeoooww());
        address _kittyVault = address(new KittyVault{ salt: bytes32(abi.encodePacked(ERC20(_token).symbol())) }(_token, address(this), _priceFeed, i_euroPriceFeed, meowntainer, i_aavePool));
        tokenToVault[_token] = _kittyVault;
        vaults.push(_kittyVault);
    }
The depawsitMeowllateral, executeDepawsit and whiskdrawMeowllateral functions do not check that _ameownt is greater than zero.
    function depawsitMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) {
        IKittyVault(tokenToVault[_token]).executeDepawsit(msg.sender, _ameownt);
    }

    function executeDepawsit(address _user, uint256 _ameownt) external onlyPool {
        uint256 _totalMeowllateral = getTotalMeowllateral();
        uint256 _cattyNipGenerated;
        if (_totalMeowllateral == 0) {
>>          _cattyNipGenerated = _ameownt;
        } else {
            _cattyNipGenerated = _ameownt.mulDiv(totalCattyNip, _totalMeowllateral);
        }
        userToCattyNip[_user] += _cattyNipGenerated;
        totalCattyNip += _cattyNipGenerated;
        totalMeowllateralInVault += _ameownt;
        IERC20(i_token).safeTransferFrom(_user, address(this), _ameownt);
    }

    function burnKittyCoin(address _onBehalfOf, uint256 _ameownt) external {
        kittyCoinMeownted[_onBehalfOf] -= _ameownt;
        i_kittyCoin.burn(msg.sender, _ameownt);
    }

    function executeWhiskdrawal(address _user, uint256 _cattyNipToWithdraw) external onlyPool {
        uint256 _ameownt = _cattyNipToWithdraw.mulDiv(getTotalMeowllateral(), totalCattyNip);
        userToCattyNip[_user] -= _cattyNipToWithdraw;
        totalCattyNip -= _cattyNipToWithdraw;
        totalMeowllateralInVault -= _ameownt;
        IERC20(i_token).safeTransfer(_user, _ameownt);
    }
The executeWhiskdrawal function does not check that the amount to withdraw is non-zero.
Impact
Malicious or incorrect inputs could disrupt the normal operation of the contract, leading to DoS attacks. Functions might also behave unexpectedly if they receive invalid inputs, potentially leading to incorrect state changes or financial losses.
Tools Used
Manual Review
Recommendations
Ensure all input parameters are validated for correctness and expected ranges.
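One way to implement these checks, as an added example that is not code from the Kitty-Fi project. The contract, error, modifier and helper names are hypothetical, and the price feed is assumed to expose a Chainlink-style latestRoundData().

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: the feed has the same shape as Chainlink's
// AggregatorV3Interface.latestRoundData().
interface IPriceFeedLike {
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical mixin; all names below are illustrative, not the project's.
abstract contract KittyInputChecks {
    error ZeroAddress();
    error NotAContract(address target);
    error BadPriceFeed(address feed);
    error ZeroAmount();

    // Rejects zero-value deposits, withdrawals and burns before any state change.
    modifier nonZeroAmount(uint256 _ameownt) {
        if (_ameownt == 0) revert ZeroAmount();
        _;
    }

    // The token must be a non-zero address that has deployed code.
    function _checkToken(address _token) internal view {
        if (_token == address(0)) revert ZeroAddress();
        if (_token.code.length == 0) revert NotAContract(_token);
    }

    // The feed must be a contract that answers latestRoundData()
    // with a positive price and a non-zero update timestamp.
    function _checkPriceFeed(address _priceFeed) internal view {
        if (_priceFeed == address(0)) revert ZeroAddress();
        if (_priceFeed.code.length == 0) revert NotAContract(_priceFeed);
        try IPriceFeedLike(_priceFeed).latestRoundData() returns (
            uint80, int256 answer, uint256, uint256 updatedAt, uint80
        ) {
            if (answer <= 0 || updatedAt == 0) revert BadPriceFeed(_priceFeed);
        } catch {
            // The call itself reverted, so the address does not behave like a feed.
            revert BadPriceFeed(_priceFeed);
        }
    }
}
```

In meownufactureKittyVault, _checkToken(_token) and _checkPriceFeed(_priceFeed) would run before the vault is deployed; nonZeroAmount would be applied to the deposit, withdrawal and burn entry points.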