Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Zero address check is missing, as well as check to ensure given address is not the Lender.sol or any other protocol contract's instance

0xscsamurai

Summary

Zero address check is missing, as well as check to ensure given address is not the Lender.sol or any other protocol contract's instance.

Vulnerability Details

n/a

Impact

Risk/Damage/Threat:

Fees will be lost if sent to zero address.
If sent to any protocol contract accidentally/intentionally by rogue onlyOwner, then added fees could mess with expected/valid contract state, and potentially enable currently impossible attack vectors.

Tools Used

VSC, manual

Recommendations

either use require() statement or if statement with custom error for revert(for gas optimization).

function setFeeReceiver(address _feeReceiver) external onlyOwner {
		require(_feeReceiver != address(0));
		/// and maybe an if statement block here to ensure _feeReceiver cannot be any protocol contract addresses
    feeReceiver = _feeReceiver;
}

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.