Beedle - Oracle free perpetual lending

If the length of the arrays are not required to be of the same length, user operations may not be fully executed

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L355

Avoid floating pragmas for non-library contracts.

While floating pragmas make sense for libraries to allow them to be included with multiple different versions of applications, it may be a security risk for application implementations.

A known vulnerable compiler version may accidentally be selected or security tools might fall-back to an older compiler version ending up checking a different EVM compilation that is ultimately deployed on the blockchain.

It is recommended to pin to a concrete compiler version.

Proof Of Concept

The condition does not revert when block.timestamp is equal to the compared > or < variable. For example, if there is a check for block.timestamp > loan.auctionStartTimestamp + loan.auctionLength then there should be a check for cases where block.timestamp is == to loan.auctionStartTimestamp + loan.auctionLength

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L471

Doing so will significantly increase centralization, but will help to prevent hackers from using stolen tokens

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L9

Typically, the contract's owner is the account that deploys the contract. As a result, the owner is able to perform certain privileged activities. The OpenZeppelin's Ownable is used in this project contract implements renounceOwnership. This can represent a certain risk if the ownership is renounced for any other reason than by design. Renouncing ownership will leave the contract without an owner, thereby removing any functionality that is only available to the owner.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L9

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L11

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L10

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L73

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L11

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L31

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/utils/Ownable.sol#L4

The critical procedures should be two step process.

See similar findings in previous Code4rena contests for reference:
https://code4rena.com/reports/2022-06-illuminate/#2-critical-changes-should-use-two-step-procedure

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L84

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L92

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L100

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L130

Recommended Mitigation Steps

Lack of two-step procedure for critical operations leaves them error-prone. Consider adding two step procedure on the critical functions.

Consider adding parameters to the error to indicate which user or values caused the failure

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/utils/Errors.sol#L4-L18

Interfaces should be declared on a separate file and not on the same file where the contract resides in.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L7

To avoid mistakenly accepting empty bytes as a valid value, consider to check for empty bytes. This helps ensure that empty bytes are not treated as valid inputs, preventing potential issues.

Proof Of Concept

Proof Of Concept

In Solidity, while function overriding allows for functions with the same name to coexist, it is advisable to avoid this practice to enhance code readability and maintainability. Having multiple functions with the same name, even with different parameters or in inherited contracts, can cause confusion and increase the likelihood of errors during development, testing, and debugging. Using distinct and descriptive function names not only clarifies the purpose and behavior of each function, but also helps prevent unintended function calls or incorrect overriding. By adopting a clear and consistent naming convention, developers can create more comprehensible and maintainable smart contracts.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L8

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L53

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L232

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L355

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L465

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L591

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L84

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L92

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L100

delete a assigns the initial value for the type to a. i.e. for integers it is equivalent to a = 0, but it can also be used on arrays, where it assigns a dynamic array of length zero or a static array of the same length with all elements reset. For structs, it assigns a struct with all members reset. Similarly, it can also be used to set an address to zero address. It has no effect on whole mappings though (as the keys of mappings may be arbitrary and are generally unknown). However, individual keys and what they map to can be deleted: If a is a mapping, then delete a[x] will delete the value stored at x.

The delete key better conveys the intention and is also more idiomatic. Consider replacing assignments of zero with delete statements.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L56

There is no need to initialize uint variables to zero as their default value is 0

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L14

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L16

A check regarding whether the current value and the new value are the same should be added

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L84

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L92

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L100

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L7

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L15

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Beedle.sol#L29

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L355

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L591

It is recommended that Solidity contracts are fully annotated using NatSpec for all public interfaces (everything in the ABI). It is clearly stated in the Solidity official documentation. In complex projects such as Defi, the interpretation of all functions and their arguments and returns is important for code readability and auditability. https://docs.soliditylang.org/en/v0.8.15/natspec-format.html

Proof Of Concept

Recommended Mitigation Steps

NatSpec comments should be increased in contracts

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L127

The current form of relative path import is not recommended for use because it can unpredictably pollute the namespace.
Instead, the Solidity docs recommend specifying imported symbols explicitly.
https://docs.soliditylang.org/en/v0.8.15/layout-of-source-files.html#importing-other-source-files

A good example:

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Fees.sol#L4-L5

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L4-L5

Recommended Mitigation Steps

Use specific imports syntax per solidity docs recommendation.

When deploying contracts, you should use the latest released version of Solidity. Apart from exceptional cases, only the latest version receives security fixes.

From the point of view of a user, the changing of the owner of a contract is a high risk operation that may have outcomes ranging from an attacker gaining control over the protocol, to the function no longer functioning due to a typo in the destination address. To give users plenty of warning so that they can validate any ownership changes, changes of ownership should be behind a timelock.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/utils/Ownable.sol#L19

To maintain readability in code, particularly in Solidity which can involve complex mathematical operations, it is often recommended to limit the number of arithmetic operations to a maximum of 2-3 per line. Too many operations in a single line can make the code difficult to read and understand, increase the likelihood of mistakes, and complicate the process of debugging and reviewing the code. Consider splitting such operations over more than one line, take special care when dealing with division however. Try to limit the number of arithmetic operations to a maximum of 3 per line.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L724

Check that all public or external functions are override. This is iseful to make sure that the whole API is extracted in an interface.

Proof Of Concept

Instead of using uint to declare uint256, explicitly define uint256 to ensure there is no confusion

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L38

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Staking.sol#L46

Note that there may be cases where a struct superficially appears to be used, but this is only because there are multiple definitions of the struct in different files. In such cases, the struct definition should be moved into a separate file. The instances below are the unused definitions.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/utils/Structs.sol#L68

Use (e.g. 1e6) rather than decimal literals (e.g. 100000), for better code readability.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L59

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L265

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L561

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L650

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L724

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L725

The highest tier of smart contract behavior assurance is formal mathematical verification. All assertions that are made are guaranteed to be true across all inputs → The quality of your asserts is the quality of your verification

https://twitter.com/0xOwenThurm/status/1614359896350425088?t=dbG9gHFigBX85Rv29lOjIQ&s=19

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L59

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L265

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L561

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L650

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L724

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol#L725

Consider using descriptive constants or an enum instead of passing zero directly on function calls, as that might be error-prone, to fully describe the caller's intention.

Proof Of Concept

https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Fees.sol#L38