Beedle - Oracle free perpetual lending
BeedleFi
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high
Valid

Refinancing a loan will wrongly reduce the available balance of the new pool twice

abarbatei

Summary

When refinancing a loan, at one point in the logic, the new pool takes up the newly calculated debt (that includes the old debt and interest plus fees). This new debt, however is incorrectly deducted twice leading to lender funds being stuck in the contract.

Vulnerability Details

Refinancing a loan via Lender:refinance updates the new pool's balance by subtracting the necessary debt. This misstakenly is done twice:

// now lets deduct our tokens from the new pool
_updatePoolBalance(poolId, pools[poolId].poolBalance - debt);
pools[poolId].outstandingLoans += debt;

where Lender::_updatePoolBalance is:

/// @notice update the balance of a pool and emit the event
/// @param poolId the id of the pool to update
/// @param newBalance the new balance of the pool
function _updatePoolBalance(bytes32 poolId, uint256 newBalance) internal {
pools[poolId].poolBalance = newBalance;
emit PoolBalanceUpdated(poolId, newBalance);
}
// update pool balance
pools[poolId].poolBalance -= debt;

Impact

Lender funds will be permanently stuck in the contract due to internal accounting issue.

Tools Used

Manual analysis.

Recommend Mitigation

Delete the second pool updated from line 698

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.