Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Lender.giveLoan()::Loan’s auctionLength does not update

0xDanielH

Summary

The loan’s auctionLength does not update.

Vulnerability Details

The lender uses giveLoan() function to give his loans to another pool. In the giveLoan() function, various requirements are checked before proceeding to update the state at the end**.**

When a lender give his loan to another pool, the loan’s states are newly saved because the loan needs to follow the settings of the pool that it's being given to. However, the auctionLength of the pool is not updated even if it's different. The auctionLength of the loans in the pool is not kept constant, which could cause problems for lenders if an auction is to take place later on.

loans[loanId].lender = pool.lender;

loans[loanId].interestRate = pool.interestRate;

loans[loanId].startTimestamp = block.timestamp;

loans[loanId].auctionStartTimestamp = type(uint256).max;

loans[loanId].debt = totalDebt;

This also happens in buyLoan() function.

Impact

Inconsistency of pool and potential issues in future auctions.

Tools Used

vscode

Recommendations

add this line at the end of for loop.

loans[loanId].auctionLength = pool.auctionLength;

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.