Submission Details
Severity: high

The lender can block users from continuous loans by updating the max loan ratio

Summary

The lender can block users from continuous loans by updating the max loan ratio to an unacceptable value in the middle of the loan.

Vulnerability Details

The Paradigm Explanation of Continuous Loans:

We could imagine shortening the loan period until it is infinitesimal. If, at any moment, the lender becomes concerned about the safety of the collateral, they could trigger a refinancing auction.
This lets us drop the concept of expiration times and loan periods. By default, loans continue indefinitely until some user interacts with the contract. Interest is accumulated continuously, and the repayment amount is calculated on the fly whenever needed.
A borrower can repay at any time. If a borrower wants to change the amount they have borrowed or get a better interest rate, they can atomically take out a new loan against the collateral and use the new principal to repay the old loan.

Impact

From this design, we know that in this ecosystem a user can take out a new loan against the collateral and use the new principal to repay the old loan.

Lenders decide to give loans based on the ratio of collateral to loan amount, depending on their strategy. However, the updateMaxLoanRatio function in the lender.sol contract, which updates the loan ratio of a specific poolId, does not check whether the pool has an outstanding loan, so the lender can adjust the value whenever they want. This means a lender can set a very bad loan ratio, for example 10-1, in the middle of an outstanding loan. When the user then wants to borrow to repay the loan, as the continuous model describes, they will find that the lender has set a very bad loan ratio, and in the end the user who waited and trusted this system will be liquidated.

function updateMaxLoanRatio(bytes32 poolId, uint256 maxLoanRatio) external {
    // Only the pool's lender may change the ratio
    if (pools[poolId].lender != msg.sender) revert Unauthorized();
    if (maxLoanRatio == 0) revert PoolConfig();
    // No check here for outstanding loans on this pool before the ratio changes
    pools[poolId].maxLoanRatio = maxLoanRatio;
    emit PoolMaxLoanRatioUpdated(poolId, maxLoanRatio);
}

Tools Used

Manually

Recommendations

  • Consider implementing outstanding-loan checks for the pool.

  • Consider reducing the ratio number.
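
One way to implement the first recommendation, as an added sketch that is not the audited project's code. The `outstandingLoans` counter, the `LoansOutstanding` error, the `createPool` helper and the `_loanOpened` / `_loanClosed` hooks are assumptions introduced for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: guards the ratio update while loans are open.
contract LenderGuardSketch {
    struct Pool {
        address lender;
        uint256 maxLoanRatio;
        uint256 outstandingLoans; // assumed field: principal currently lent out
    }

    mapping(bytes32 => Pool) public pools;

    error Unauthorized();
    error PoolConfig();
    error LoansOutstanding(); // hypothetical error name

    event PoolMaxLoanRatioUpdated(bytes32 indexed poolId, uint256 maxLoanRatio);

    // Hypothetical setup helper so the sketch deploys on its own.
    function createPool(bytes32 poolId, uint256 maxLoanRatio) external {
        if (pools[poolId].lender != address(0)) revert Unauthorized();
        if (maxLoanRatio == 0) revert PoolConfig();
        pools[poolId] = Pool(msg.sender, maxLoanRatio, 0);
    }

    function updateMaxLoanRatio(bytes32 poolId, uint256 maxLoanRatio) external {
        Pool storage pool = pools[poolId];
        if (pool.lender != msg.sender) revert Unauthorized();
        if (maxLoanRatio == 0) revert PoolConfig();
        // Borrowers entered their position against the current ratio, so the
        // lender cannot change it while any loan from this pool is still open.
        if (pool.outstandingLoans != 0) revert LoansOutstanding();
        pool.maxLoanRatio = maxLoanRatio;
        emit PoolMaxLoanRatioUpdated(poolId, maxLoanRatio);
    }

    // Hypothetical hooks: the real borrow, repay and refinance paths would
    // call these so the counter always matches the open principal.
    function _loanOpened(bytes32 poolId, uint256 debt) internal {
        pools[poolId].outstandingLoans += debt;
    }

    function _loanClosed(bytes32 poolId, uint256 debt) internal {
        pools[poolId].outstandingLoans -= debt;
    }
}
```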
