First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
100 EXP
Submission Details
Severity: low
Invalid

Potential Issue with Collateral Check in `whiskdrawMeowllateral` Function

Summary

The `whiskdrawMeowllateral` function in the Kitty-Fi contract includes a collateral check after executing a withdrawal. This check ensures that the user maintains sufficient collateral after the withdrawal. However, this can lead to transaction reversion if the user is close to the collateral limit.

Vulnerability Details

The function checks if the user has enough collateral after the withdrawal using `_hasEnoughMeowllateral`. If the user does not have enough collateral, the transaction reverts. This can lead to a situation where the user is unable to withdraw any collateral if they are close to the collateral limit.

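```solidity
function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) {
    // The withdrawal is executed first...
    IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt);
    // ...and the collateral check runs afterwards, reverting the whole call if it fails.
    require(_hasEnoughMeowllateral(msg.sender), KittyPool__NotEnoughMeowllateralPurrrr());
}
```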

Impact

Users may become frustrated if they are unable to withdraw their collateral due to the collateral check, especially if they are close to the collateral limit. This can lead to a poor user experience and reduced trust in the platform. Also, reverted transactions result in wasted gas fees, which can be costly for users, especially if they repeatedly attempt to withdraw collateral without success.

Scenario:
Assume a user has a debt of 100 KittyCoins. The required collateral percentage is 169%. Therefore, the user needs at least 169 Euros worth of collateral. The user currently has 170 Euros worth of collateral.

Withdrawal Attempt:
The user attempts to withdraw 5 Euros worth of collateral. The `executeWhiskdrawal` function is called, reducing the user's collateral to 165 Euros.

Collateral Check:
The `_hasEnoughMeowllateral` function is called to check if the user still has enough collateral. The required collateral remains 169 Euros (since the user's debt hasn't changed). Since the user's collateral (165 Euros) is now less than the required collateral (169 Euros), the transaction reverts with the error `KittyPool__NotEnoughMeowllateralPurrrr()`.

Outcome:
The user is unable to withdraw any collateral, leading to frustration and wasted gas fees.

Tools Used

Manual Review

Recommendations

Before executing the withdrawal, check if the user will have enough collateral after the withdrawal. This can prevent unnecessary gas expenditure and transaction reversion.

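```solidity
function whiskdrawMeowllateral(address _token, uint256 _ameownt) external tokenExists(_token) {
    // Collateral value after the withdrawal (assumes _ameownt is denominated in Euros).
    uint256 userCollateralAfterWithdrawal = getUserMeowllateralInEuros(msg.sender) - _ameownt;
    // Collateral required to back the KittyCoin the user has minted.
    uint256 collateralRequiredInEuros = kittyCoinMeownted[msg.sender].mulDiv(COLLATERAL_PERCENT, COLLATERAL_PRECISION);
    // Revert before calling the vault if the position would fall below the requirement.
    require(userCollateralAfterWithdrawal >= collateralRequiredInEuros, KittyPool__NotEnoughMeowllateralPurrrr());
    IKittyVault(tokenToVault[_token]).executeWhiskdrawal(msg.sender, _ameownt);
}
```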
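
An added example (not part of the original submission or the Kitty-Fi code base): a Python model of the scenario above, run against both check orderings. It assumes `COLLATERAL_PRECISION` is 100, floor rounding, and whole-Euro amounts, and models a revert as a rollback of the position; `Position`, `Revert` and the function names are hypothetical.

```python
from dataclasses import dataclass

COLLATERAL_PERCENT = 169    # required collateral percentage from the scenario
COLLATERAL_PRECISION = 100  # assumption: scale under which 169 means 169%

class Revert(Exception):
    """Models an EVM revert: every state change made in the call is undone."""

@dataclass
class Position:  # hypothetical stand-in for one user's pool state, in whole Euros
    collateral_eur: int
    debt: int

    def required_eur(self) -> int:
        # Floor division; assumed to match the rounding of mulDiv in the contract.
        return self.debt * COLLATERAL_PERCENT // COLLATERAL_PRECISION

def withdraw_check_after(pos: Position, amount: int) -> None:
    """Ordering in the reviewed function: withdraw first, then check."""
    snapshot = pos.collateral_eur
    pos.collateral_eur -= amount
    if pos.collateral_eur < 0 or pos.collateral_eur < pos.required_eur():
        pos.collateral_eur = snapshot  # revert rolls the withdrawal back
        raise Revert("not enough collateral")

def withdraw_check_before(pos: Position, amount: int) -> None:
    """Ordering in the recommendation: check first, then withdraw."""
    if amount > pos.collateral_eur:  # unsigned subtraction would underflow
        raise Revert("underflow")
    if pos.collateral_eur - amount < pos.required_eur():
        raise Revert("not enough collateral")
    pos.collateral_eur -= amount

def max_withdrawable_eur(pos: Position) -> int:
    """Largest withdrawal that keeps the position at or above the requirement."""
    return max(pos.collateral_eur - pos.required_eur(), 0)

def outcome(withdraw, amount: int, collateral: int = 170, debt: int = 100):
    """Run one withdrawal on a fresh position; return (status, collateral left)."""
    pos = Position(collateral, debt)
    try:
        withdraw(pos, amount)
        return ("ok", pos.collateral_eur)
    except Revert:
        return ("reverted", pos.collateral_eur)

if __name__ == "__main__":
    for amount in (1, 5):
        print(amount, outcome(withdraw_check_after, amount), outcome(withdraw_check_before, amount))
```

With the scenario's numbers, both orderings accept and reject the same withdrawal amounts and leave the same collateral behind; the largest amount that passes is 1 Euro.
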
Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
