20,000 USDC
Submission Details
Severity: high
Valid

`refinance()` incorrectly updates `poolBalance`, which enables griefing of lenders

Summary

The `refinance()` function in `Lender.sol` mistakenly decreases `pools[poolId].poolBalance` twice, which enables griefing of lenders.

Vulnerability Details

Because `refinance()` mistakenly decreases `pools[poolId].poolBalance` twice (lines 636 and 698), an attacker can repeatedly refinance loans to a pool to decrease the `poolBalance` to zero. (Note that loans can be refinanced to the same pool.) The lender will be unable to withdraw those funds from the pool, and their pool will not be able to loan to borrowers. The funds become locked in the `Lender.sol` contract with no avenue for recovery.

Impact

Lender loses all their unlent funds, and those funds are no longer available to lend. User funds are directly at risk.

Tools Used

Recommendations

Delete lines 697-698 in `Lender.sol`.
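The accounting effect of the double decrement, and of removing it, can be checked with an invariant over a small model. This is an added example, not code from `Lender.sol`: the `Pool` class and the `borrow`, `refinance` and `run` helpers are hypothetical, and the model assumes no interest, fees or collateral, so that unlent balance plus outstanding principal should always equal the lender's deposit.

```python
# Simplified accounting model (assumption): no interest, fees or collateral.
class Pool:
    def __init__(self, deposit):
        self.deposited = deposit      # what the lender put in
        self.pool_balance = deposit   # unlent funds the lender can withdraw
        self.outstanding = 0          # principal currently lent out

    def invariant_holds(self):
        # Every deposited unit is either unlent or lent out.
        return self.pool_balance + self.outstanding == self.deposited


def _debit(pool, amount):
    # Mirrors checked arithmetic: an underflow reverts instead of wrapping.
    if amount > pool.pool_balance:
        raise ValueError("revert: insufficient pool balance")
    pool.pool_balance -= amount


def borrow(pool, debt):
    _debit(pool, debt)
    pool.outstanding += debt


def refinance(old, new, debt, double_decrement):
    # The old pool is repaid.
    old.pool_balance += debt
    old.outstanding -= debt
    # The new pool funds the loan.
    _debit(new, debt)
    if double_decrement:
        _debit(new, debt)  # the second, erroneous decrement the finding describes
    new.outstanding += debt


def run(double_decrement, rounds=4):
    # Constructed scenario: one lender deposits 1000, one loan of 100,
    # then the loan is refinanced into the same pool `rounds` times.
    pool = Pool(1000)
    borrow(pool, 100)
    history = []
    for _ in range(rounds):
        refinance(pool, pool, 100, double_decrement)
        history.append((pool.pool_balance, pool.invariant_holds()))
    return history
```

An invariant of this shape, asserted after every state-changing call in the contract's test suite, fails on the first refinance when the extra decrement is present.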
