Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Debt repayment issue due to incorrect loan lender assignment in 'buyLoan' function

qbs

Summary

The buyLoan function updates the loan with the new values, assigning msg.sender address instead of the actual pool.lender as a loan lender.

Vulnerability Details

When a lender no longer desires to continue lending, and there is no lending pool available to provide the loan, they can send the loan to a liquidation auction. Anyone is then able to match an arbitrary pool with a live auction when the parameters of that pool match those of the auction or are more favorable to the borrower. Loan buyer calls buyLoan function, providing a pool and loan ID, which update loan parameters. However, the function assigns msg.sender as a loan lender instead of the actual owner of the chosen pool, who may not have created any pool previously.

Impact

Borrowers may not be able to repay their debt.

Tools Used

Manual review

Recommendations

Assign the actual owner of pool instead of msg.sender address.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.