First Flight #21: KittyFi

Beginner Friendly, DeFi, Foundry
Submission Details
Severity: medium
Invalid

Potential DoS when fetching price feeds

Summary

Calling latestRoundData() on the Chainlink aggregator can revert in some cases, leading to a denial of service in parts of the protocol such as KittyVault::getUserMeowllateral, KittyVault::executeWhiskdrawal, KittyVault::getUserVaultMeowllateralInEuros and KittyVault::executeDepawsit.

Vulnerability Details

Calls to the Chainlink oracle price feeds could potentially revert, which may result in a complete denial of service to the protocol. Chainlink multisigs can immediately block access to price feeds at will. It is therefore not guaranteed that the oracle will always work, and if the oracle reverts, the protocol will be unusable to users.

Impact

  • DoS

Tools Used

Recommendations

In KittyVault::getTotalMeowllateralInAave and KittyVault::getUserVaultMeowllateralInEuros, wrap the i_priceFeed.latestRoundData() and i_euroPriceFeed.latestRoundData() function calls in a try/catch block to handle possible unexpected oracle reverts.
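
One way to write the recommended try/catch wrapper, as an added example that is not code from KittyVault or the contest repository. SafePriceReader, _tryLatestPrice, RevertingFeed and PriceProbe are hypothetical names, and returning a failure flag instead of reverting is an assumed policy.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink aggregator interface, declared inline so the example compiles on its own.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper (assumption): reports feed failure as a flag so the caller picks the policy.
abstract contract SafePriceReader {
    // Returns (true, price) on success; (false, 0) if the feed call reverts.
    function _tryLatestPrice(AggregatorV3Interface feed) internal view returns (bool ok, uint256 price) {
        try feed.latestRoundData() returns (uint80, int256 answer, uint256, uint256, uint80) {
            // Added check, not from the page: a non-positive answer cannot be cast to uint256 safely.
            if (answer <= 0) return (false, 0);
            return (true, uint256(answer));
        } catch {
            // Catches revert strings, custom errors and panics raised inside the feed.
            return (false, 0);
        }
    }
}

// Constructed mock: stands in for a feed whose access has been blocked.
contract RevertingFeed is AggregatorV3Interface {
    function latestRoundData() external pure returns (uint80, int256, uint256, uint256, uint80) {
        revert("feed access blocked");
    }
}

// Constructed harness: tryPrice(address(new RevertingFeed())) returns (false, 0) instead of reverting.
contract PriceProbe is SafePriceReader {
    function tryPrice(AggregatorV3Interface feed) external view returns (bool ok, uint256 price) {
        return _tryLatestPrice(feed);
    }
}
```

try/catch only covers failures inside the external call: a feed address with no deployed code, or return data that fails ABI decoding, still reverts in the caller.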

Updates

Lead Judging Commences

shikhar229169 Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
