Submission Details
Severity: medium
Valid

Lender.sol: Malicious Lender can Frontrun Borrow to Set a High Interest Rate.

Summary

A malicious lender can frontrun the borrow call to set the interest rate high.

Vulnerability Details

The borrow function takes only poolId, debt, and collateral as arguments. It receives no information about the interest rate the user expects and simply applies whatever interest rate the pool currently has. The pool's interest rate can be changed at any time by its lender via setPool. A malicious lender can therefore watch the mempool for a pending borrow transaction, front-run it with a setPool call that raises the pool's interest rate to the maximum, and have the user's borrow execute at that rate.

Impact

A malicious lender can force a user to borrow at an interest rate the user never intended to accept.

Tools Used

VS Code

Recommendations

The borrow function should also receive, as an argument, the interest rate the user intends to borrow at, and compare it against the pool's current interest rate, reverting if they do not match.

function borrow(Borrow[] calldata borrows) public { // @audit what if a lender front-runs this and raises the interestRate sharply?
    for (uint256 i = 0; i < borrows.length; i++) {
        bytes32 poolId = borrows[i].poolId;
        uint256 debt = borrows[i].debt;
        uint256 collateral = borrows[i].collateral;
        uint256 interestRate = borrows[i].interestRate; // <- add this (new field on the Borrow struct)
        // get the pool info
        Pool memory pool = pools[poolId];
        // make sure the pool exists
        if (pool.lender == address(0)) revert PoolConfig();
        // validate the loan
        if (debt < pool.minLoanSize) revert LoanTooSmall();
        if (debt > pool.poolBalance) revert LoanTooLarge();
        if (collateral == 0) revert ZeroCollateral();
        // @audit add interestRate validation: revert if the pool's rate no longer
        // matches the rate the borrower submitted
        if (interestRate != pool.interestRate) revert InterestRateError();
        ...
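To make the failure mode and the fix concrete, here is a stripped-down lending pool written for this write-up; it is not Beedle's Lender.sol and its names (MinimalLender, setInterestRate, borrowUnchecked, RateAboveMax, maxInterestRate) and simplified ETH-based accounting are assumptions. It places the vulnerable borrow shape, where the borrower has no say in the rate, next to a hardened borrow that takes a borrower-supplied upper bound and reverts if the pool's rate was raised above it before the transaction landed. The bound is a maximum rather than the strict equality check in the recommendation above, which is the more general slippage-style form and still rejects the front-run described in this finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Added illustration, not the audited project's code: a minimal ETH lending
/// pool showing why `borrow` must carry a borrower-chosen rate bound.
contract MinimalLender {
    struct Pool {
        address lender;
        uint256 interestRate; // basis points; the lender may change it at any time
        uint256 poolBalance;  // ETH available to lend
    }

    /// Borrow request. `maxInterestRate` is the assumed new field: the worst
    /// rate the borrower is willing to accept.
    struct Borrow {
        bytes32 poolId;
        uint256 debt;
        uint256 collateral;
        uint256 maxInterestRate;
    }

    struct Loan {
        address borrower;
        bytes32 poolId;
        uint256 debt;
        uint256 collateral;
        uint256 interestRate; // rate locked in when the loan was opened
    }

    error PoolConfig();
    error Unauthorized();
    error LoanTooLarge();
    error ZeroCollateral();
    error RateAboveMax(uint256 poolRate, uint256 maxRate);

    mapping(bytes32 => Pool) public pools;
    Loan[] public loans;

    /// Anyone can open a pool; the caller becomes its lender and funds it with ETH.
    function createPool(bytes32 poolId, uint256 interestRate) external payable {
        if (pools[poolId].lender != address(0)) revert PoolConfig();
        pools[poolId] = Pool({lender: msg.sender, interestRate: interestRate, poolBalance: msg.value});
    }

    /// The lender may change the rate whenever it likes, including in the
    /// same block just ahead of a pending borrow. That is the front-running window.
    function setInterestRate(bytes32 poolId, uint256 newRate) external {
        if (pools[poolId].lender != msg.sender) revert Unauthorized();
        pools[poolId].interestRate = newRate;
    }

    /// Vulnerable shape (mirrors the finding): whatever rate the pool holds at
    /// execution time is applied, so a front-run setInterestRate silently wins.
    function borrowUnchecked(bytes32 poolId, uint256 debt) external payable {
        Pool storage pool = pools[poolId];
        if (pool.lender == address(0)) revert PoolConfig();
        if (debt > pool.poolBalance) revert LoanTooLarge();
        if (msg.value == 0) revert ZeroCollateral();
        _openLoan(pool, poolId, debt, msg.value);
    }

    /// Hardened shape: the borrower states the highest rate they accept and the
    /// call reverts if the pool's rate was pushed above it in the meantime.
    function borrow(Borrow calldata b) external payable {
        Pool storage pool = pools[b.poolId];
        if (pool.lender == address(0)) revert PoolConfig();
        if (b.debt > pool.poolBalance) revert LoanTooLarge();
        if (msg.value == 0 || msg.value != b.collateral) revert ZeroCollateral();
        if (pool.interestRate > b.maxInterestRate) {
            revert RateAboveMax(pool.interestRate, b.maxInterestRate);
        }
        _openLoan(pool, b.poolId, b.debt, msg.value);
    }

    /// Shared bookkeeping: update state first, then pay out (checks-effects-interactions).
    function _openLoan(Pool storage pool, bytes32 poolId, uint256 debt, uint256 collateral) private {
        pool.poolBalance -= debt;
        loans.push(Loan({
            borrower: msg.sender,
            poolId: poolId,
            debt: debt,
            collateral: collateral,
            interestRate: pool.interestRate
        }));
        (bool ok, ) = msg.sender.call{value: debt}("");
        require(ok, "transfer failed");
    }
}
```

In a test, the sequence is: the lender calls createPool at, say, 500 bps; the borrower submits borrow with maxInterestRate = 500; the lender's setInterestRate(poolId, 10_000) is mined first. borrowUnchecked would open the loan at 10,000 bps, whereas borrow reverts with RateAboveMax(10000, 500), which is the behaviour the recommendation above is asking for.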
