Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Do not hardcode `swapRouter()` address

tsvetanovv

Summary

In Fees.sol we use swapRouter address which is hardcoded:

ISwapRouter public constant swapRouter =

ISwapRouter(0xE592427A0AEce92De3Edee1F18E0157C05861564);

The problem is that this address may not be valid for all chains that will be deployed.

Vulnerability Details

From the discord server, we have information that the protocol will be debugged at different times.

Hardcoding the address of ISwapRouter can lead to issues, especially when deploying the contract across different chains. Different chains may have different addresses and hardcoding an address may limit the contract's portability.

Is better to provide the address as a constructor parameter. This way, when the contract is deployed, the address of the dependency can be specified, allowing the contract to be used across different chains.

Impact

swapRouter maybe not work on some chains

Tools Used

Visual Studio Code

Recommendations

Set swapRouter address in the constructor on every chain.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.