Beedle - Oracle free perpetual lending

Summary

Missed updating of auctionLength

Vulnerability Details

As the loan is bought and sold from one pool to another,
everything about the loan is updated, but the auctionLength
is not updated to match the pool.

This can lead to issues when transferring loans between different pools.

For example, the following scenario might not play out well:

• Lets say there exists the following pools with their correspoding auction lengths:

  • Pool 1: auctionLength = 10

  • Pool 2: auctionLength = 20

  • *Pool 3: auctionLength = 30

• Lets say that there is a loan in Pool 1. Its auctionLength will be 10.

• Now, when the loan gets bought from Pool 1 to Pool 3, then the auctionLength remains to be 10

  • Ideally it should have been updated to 30 to match the pool's auction length

• Now, lets say that the Loan is again moved from Pool 3 to Pool 2, then the auctionLength still remains as 10

  • Now this is a problem, as if in the previous step the auctionLength was updated to 30, then this operation would not be allowed, as the current auction length of the destination pool (Pool 2) is 20, which would have been less than the auction length of the loan.

So this allows the movement of the loan across the pools but the auction of the loans would not last as long as the pool is configured for it to be.

Link to code - https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L419

Link to code - https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#521

Tools Used

Code Review

Recommendations

Update auctionLength

Auditor

NeoCrao