Submission Details
Severity: high
Valid

Lender.sol - Reentrancy Vulnerability when using ERC777 loan tokens

Summary

Lender.sol - Reentrancy Vulnerability when using ERC777 loan tokens

Vulnerability Details

Since the protocol is expected to support all ERC20-compatible tokens, ERC777 tokens (which are backward compatible with ERC20) should be supported too. In Lender.sol, the contract does not follow the CEI pattern correctly: it updates the pools storage after the token transfer. This makes the contract vulnerable to reentrancy attacks if a malicious pool lender implements the tokensReceived hook.

    function setPool(Pool calldata p) public returns (bytes32 poolId) {
        ...
        uint256 currentBalance = pools[poolId].poolBalance;
        ...
        } else if (p.poolBalance < currentBalance) {
            // if new balance < current balance then transfer the difference back to the lender
            IERC20(p.loanToken).transfer(
                p.lender,
                currentBalance - p.poolBalance
            );
        }
        ...
        // @audit Effect after Interaction
        pools[poolId] = p;
    }

Impact

A malicious actor can exploit the reentrancy vulnerability to manipulate the currentBalance - p.poolBalance amount, potentially draining all loanToken in this contract.

Tools Used

Manual Review

Recommendations

To address this vulnerability, ensure that the contract follows the correct Checks-Effects-Interactions pattern, updating the pools state before the token transfer.
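
One way to apply this ordering, shown as an added example and not the audited Lender.sol or the project's own fix. The contract name PoolCEI, the three-field Pool struct, the pool-id derivation and the lender check are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: simplified model, NOT the audited Lender.sol.
// Contract name, struct fields, pool-id derivation and the lender check are assumptions.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract PoolCEI {
    struct Pool {
        address lender;
        address loanToken;
        uint256 poolBalance;
    }

    mapping(bytes32 => Pool) public pools;

    function setPool(Pool calldata p) external returns (bytes32 poolId) {
        // Checks: only the lender may resize their own pool.
        require(p.lender == msg.sender, "not lender");
        poolId = keccak256(abi.encode(p.lender, p.loanToken));
        uint256 currentBalance = pools[poolId].poolBalance;

        // Effects: commit the new balance BEFORE any external call, so a
        // tokensReceived hook that re-enters setPool reads the updated value
        // and the refund difference is computed against it, not a stale one.
        pools[poolId] = p;

        // Interactions: token calls come last.
        if (p.poolBalance > currentBalance) {
            require(
                IERC20(p.loanToken).transferFrom(p.lender, address(this), p.poolBalance - currentBalance),
                "transferFrom failed"
            );
        } else if (p.poolBalance < currentBalance) {
            require(
                IERC20(p.loanToken).transfer(p.lender, currentBalance - p.poolBalance),
                "transfer failed"
            );
        }
    }
}
```

With the storage write moved ahead of the transfer, a re-entrant call that passes the same Pool value computes a difference of zero and triggers no further refund.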
