20,000 USDC
Submission Details
Severity: medium

Auction length may be shorter than the difference between two blocks

Summary

Currently the setPool() method, which creates a pool in the Lender contract, only checks that auctionLength is less than or equal to MAX_AUCTION_LENGTH and not equal to 0. The lower bound on the auction duration is not restrictive enough. As a result, it is possible to create auctions that are doomed to fail.

Vulnerability Details

A malicious lender can create a pool with auctionLength set to a value smaller than the timestamp difference between two blocks, for example 1 second. The only scenario in which someone buys the loan in the same block as the auction started is by back-running the starting transaction and accepting a 0 interestRate, which is highly improbable. Therefore, such an auction has almost no chance of succeeding and the lender will be guaranteed to claim the collateral.

Impact

Malicious lenders can claim collateral without a valid auction, provided they trick a user into borrowing from their maliciously configured pool.

Tools Used

Manual review

Recommendations

Change the lower bound of the auctionLength to a more reasonable value, such as 12 hours.
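As an added illustration (not the Lender contract's own code), the following Python models the bound check described in the summary next to the recommended 12-hour floor, and counts how many later blocks could still act on an auction of a given length. The MAX_AUCTION_LENGTH value, the 12-second block interval and the "open while elapsed < auctionLength" rule are assumptions, not taken from the project.

```python
"""Added model of the auctionLength validation discussed above (not project code).

Assumed placeholders: MAX_AUCTION_LENGTH = 3 days, 12-second block interval,
auction open while (now - start) < auctionLength. Block N+k is assumed to
carry timestamp start + k * BLOCK_INTERVAL.
"""

MAX_AUCTION_LENGTH = 3 * 24 * 60 * 60   # assumed cap, in seconds
MIN_AUCTION_LENGTH = 12 * 60 * 60       # 12-hour floor, as recommended above
BLOCK_INTERVAL = 12                     # assumed seconds between consecutive blocks


def current_check(auction_length: int) -> bool:
    """The check as the report describes it: non-zero and at most the cap."""
    return auction_length != 0 and auction_length <= MAX_AUCTION_LENGTH


def fixed_check(auction_length: int) -> bool:
    """Hardened check: additionally enforce the 12-hour lower bound."""
    return MIN_AUCTION_LENGTH <= auction_length <= MAX_AUCTION_LENGTH


def auction_open(start: int, now: int, auction_length: int) -> bool:
    """Assumed auction semantics: open while less than auction_length has elapsed."""
    return now - start < auction_length


def buyable_blocks(auction_length: int, block_interval: int = BLOCK_INTERVAL) -> int:
    """Count the blocks after the starting block in which the auction is still open.

    A buyer who is not in the very same block as the auction start gets their
    first chance at k = 1, i.e. one block interval later.
    """
    count = 0
    k = 1
    while auction_open(0, k * block_interval, auction_length):
        count += 1
        k += 1
    return count


def passes_but_doomed(auction_length: int) -> bool:
    """True when the current check accepts a length that no later block can act on."""
    return current_check(auction_length) and buyable_blocks(auction_length) == 0


if __name__ == "__main__":
    for length in (1, BLOCK_INTERVAL, BLOCK_INTERVAL + 1, MIN_AUCTION_LENGTH):
        print(length, current_check(length), fixed_check(length), buyable_blocks(length))
```

With the assumed 12-second block interval, every auctionLength of 12 seconds or less passes the current check yet leaves zero later blocks in which the loan can be bought, while the fixed check rejects all of them.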
