Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: gas

Valid

Long functions should be refactored into multiple, smaller, functions

SolSaver

Summary

Long functions should be refactored into multiple, smaller, functions

Vulnerability Details

File: src/Lender.sol

232: function borrow(Borrow[] calldata borrows) public {

for (uint256 i = 0; i < borrows.length; i++) {

bytes32 poolId = borrows[i].poolId;

uint256 debt = borrows[i].debt;

uint256 collateral = borrows[i].collateral;

// get the pool info

Pool memory pool = pools[poolId];

// make sure the pool exists

if (pool.lender == address(0)) revert PoolConfig();

// validate the loan

if (debt < pool.minLoanSize) revert LoanTooSmall();

if (debt > pool.poolBalance) revert LoanTooLarge();

if (collateral == 0) revert ZeroCollateral();

// make sure the user isn't borrowing too much

uint256 loanRatio = (debt * 10 ** 18) / collateral;

if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();

// create the loan

Loan memory loan = Loan({

lender: pool.lender,

borrower: msg.sender,

loanToken: pool.loanToken,

collateralToken: pool.collateralToken,

debt: debt,

collateral: collateral,

interestRate: pool.interestRate,

startTimestamp: block.timestamp,

auctionStartTimestamp: type(uint256).max,

auctionLength: pool.auctionLength

});

// update the pool balance

_updatePoolBalance(poolId, pools[poolId].poolBalance - debt);

pools[poolId].outstandingLoans += debt;

// calculate the fees

uint256 fees = (debt * borrowerFee) / 10000;

// transfer fees

IERC20(loan.loanToken).transfer(feeReceiver, fees);

// transfer the loan tokens from the pool to the borrower

IERC20(loan.loanToken).transfer(msg.sender, debt - fees);

// transfer the collateral tokens from the borrower to the contract

IERC20(loan.collateralToken).transferFrom(

msg.sender,

address(this),

collateral

);

loans.push(loan);

emit Borrowed(

msg.sender,

pool.lender,

loans.length - 1,

debt,

collateral,

pool.interestRate,

block.timestamp

);

}

292: function repay(uint256[] calldata loanIds) public {

for (uint256 i = 0; i < loanIds.length; i++) {

uint256 loanId = loanIds[i];

// get the loan info

Loan memory loan = loans[loanId];

// calculate the interest

(

uint256 lenderInterest,

uint256 protocolInterest

) = _calculateInterest(loan);

bytes32 poolId = getPoolId(

loan.lender,

loan.loanToken,

loan.collateralToken

);

// update the pool balance

_updatePoolBalance(

poolId,

pools[poolId].poolBalance + loan.debt + lenderInterest

);

pools[poolId].outstandingLoans -= loan.debt;

// transfer the loan tokens from the borrower to the pool

IERC20(loan.loanToken).transferFrom(

msg.sender,

address(this),

loan.debt + lenderInterest

);

// transfer the protocol fee to the fee receiver

IERC20(loan.loanToken).transferFrom(

msg.sender,

feeReceiver,

protocolInterest

);

// transfer the collateral tokens from the contract to the borrower

IERC20(loan.collateralToken).transfer(

loan.borrower,

loan.collateral

);

emit Repaid(

msg.sender,

loan.lender,

loanId,

loan.debt,

loan.collateral,

loan.interestRate,

loan.startTimestamp

);

// delete the loan

delete loans[loanId];

}

355: function giveLoan(

uint256[] calldata loanIds,

bytes32[] calldata poolIds

) external {

for (uint256 i = 0; i < loanIds.length; i++) {

uint256 loanId = loanIds[i];

bytes32 poolId = poolIds[i];

// get the loan info

Loan memory loan = loans[loanId];

// validate the loan

if (msg.sender != loan.lender) revert Unauthorized();

// get the pool info

Pool memory pool = pools[poolId];

// validate the new loan

if (pool.loanToken != loan.loanToken) revert TokenMismatch();

if (pool.collateralToken != loan.collateralToken)

revert TokenMismatch();

// new interest rate cannot be higher than old interest rate

if (pool.interestRate > loan.interestRate) revert RateTooHigh();

// auction length cannot be shorter than old auction length

if (pool.auctionLength < loan.auctionLength) revert AuctionTooShort();

// calculate the interest

(

uint256 lenderInterest,

uint256 protocolInterest

) = _calculateInterest(loan);

uint256 totalDebt = loan.debt + lenderInterest + protocolInterest;

if (pool.poolBalance < totalDebt) revert PoolTooSmall();

if (totalDebt < pool.minLoanSize) revert LoanTooSmall();

uint256 loanRatio = (totalDebt * 10 ** 18) / loan.collateral;

if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();

// update the pool balance of the new lender

_updatePoolBalance(poolId, pool.poolBalance - totalDebt);

pools[poolId].outstandingLoans += totalDebt;

// update the pool balance of the old lender

bytes32 oldPoolId = getPoolId(

loan.lender,

loan.loanToken,

loan.collateralToken

);

_updatePoolBalance(

oldPoolId,

pools[oldPoolId].poolBalance + loan.debt + lenderInterest

);

pools[oldPoolId].outstandingLoans -= loan.debt;

// transfer the protocol fee to the governance

IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);

emit Repaid(

loan.borrower,

loan.lender,

loanId,

loan.debt + lenderInterest + protocolInterest,

loan.collateral,

loan.interestRate,

loan.startTimestamp

);

// update the loan with the new info

loans[loanId].lender = pool.lender;

loans[loanId].interestRate = pool.interestRate;

loans[loanId].startTimestamp = block.timestamp;

loans[loanId].auctionStartTimestamp = type(uint256).max;

loans[loanId].debt = totalDebt;

emit Borrowed(

loan.borrower,

pool.lender,

loanId,

loans[loanId].debt,

loans[loanId].collateral,

pool.interestRate,

block.timestamp

);

}

465: function buyLoan(uint256 loanId, bytes32 poolId) public {

// get the loan info

Loan memory loan = loans[loanId];

// validate the loan

if (loan.auctionStartTimestamp == type(uint256).max)

revert AuctionNotStarted();

if (block.timestamp > loan.auctionStartTimestamp + loan.auctionLength)

revert AuctionEnded();

// calculate the current interest rate

uint256 timeElapsed = block.timestamp - loan.auctionStartTimestamp;

uint256 currentAuctionRate = (MAX_INTEREST_RATE * timeElapsed) /

loan.auctionLength;

// validate the rate

if (pools[poolId].interestRate > currentAuctionRate) revert RateTooHigh();

// calculate the interest

(uint256 lenderInterest, uint256 protocolInterest) = _calculateInterest(

loan

);

// reject if the pool is not big enough

uint256 totalDebt = loan.debt + lenderInterest + protocolInterest;

if (pools[poolId].poolBalance < totalDebt) revert PoolTooSmall();

// if they do have a big enough pool then transfer from their pool

_updatePoolBalance(poolId, pools[poolId].poolBalance - totalDebt);

pools[poolId].outstandingLoans += totalDebt;

// now update the pool balance of the old lender

bytes32 oldPoolId = getPoolId(

loan.lender,

loan.loanToken,

loan.collateralToken

);

_updatePoolBalance(

oldPoolId,

pools[oldPoolId].poolBalance + loan.debt + lenderInterest

);

pools[oldPoolId].outstandingLoans -= loan.debt;

// transfer the protocol fee to the governance

IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);

emit Repaid(

loan.borrower,

loan.lender,

loanId,

loan.debt + lenderInterest + protocolInterest,

loan.collateral,

loan.interestRate,

loan.startTimestamp

);

// update the loan with the new info

loans[loanId].lender = msg.sender;

loans[loanId].interestRate = pools[poolId].interestRate;

loans[loanId].startTimestamp = block.timestamp;

loans[loanId].auctionStartTimestamp = type(uint256).max;

loans[loanId].debt = totalDebt;

emit Borrowed(

loan.borrower,

msg.sender,

loanId,

loans[loanId].debt,

loans[loanId].collateral,

pools[poolId].interestRate,

block.timestamp

);

emit LoanBought(loanId);

}

591: function refinance(Refinance[] calldata refinances) public {

for (uint256 i = 0; i < refinances.length; i++) {

uint256 loanId = refinances[i].loanId;

bytes32 poolId = refinances[i].poolId;

bytes32 oldPoolId = keccak256(

abi.encode(

loans[loanId].lender,

loans[loanId].loanToken,

loans[loanId].collateralToken

)

);

uint256 debt = refinances[i].debt;

uint256 collateral = refinances[i].collateral;

// get the loan info

Loan memory loan = loans[loanId];

// validate the loan

if (msg.sender != loan.borrower) revert Unauthorized();

// get the pool info

Pool memory pool = pools[poolId];

// validate the new loan

if (pool.loanToken != loan.loanToken) revert TokenMismatch();

if (pool.collateralToken != loan.collateralToken)

revert TokenMismatch();

if (pool.poolBalance < debt) revert LoanTooLarge();

if (debt < pool.minLoanSize) revert LoanTooSmall();

uint256 loanRatio = (debt * 10 ** 18) / collateral;

if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();

// calculate the interest

(

uint256 lenderInterest,

uint256 protocolInterest

) = _calculateInterest(loan);

uint256 debtToPay = loan.debt + lenderInterest + protocolInterest;

// update the old lenders pool

_updatePoolBalance(

oldPoolId,

pools[oldPoolId].poolBalance + loan.debt + lenderInterest

);

pools[oldPoolId].outstandingLoans -= loan.debt;

// now lets deduct our tokens from the new pool

_updatePoolBalance(poolId, pools[poolId].poolBalance - debt);

pools[poolId].outstandingLoans += debt;

if (debtToPay > debt) {

// we owe more in debt so we need the borrower to give us more loan tokens

// transfer the loan tokens from the borrower to the contract

IERC20(loan.loanToken).transferFrom(

msg.sender,

address(this),

debtToPay - debt

);

} else if (debtToPay < debt) {

// we have excess loan tokens so we give some back to the borrower

// first we take our borrower fee

uint256 fee = (borrowerFee * (debt - debtToPay)) / 10000;

IERC20(loan.loanToken).transfer(feeReceiver, fee);

// transfer the loan tokens from the contract to the borrower

IERC20(loan.loanToken).transfer(msg.sender, debt - debtToPay - fee);

}

// transfer the protocol fee to governance

IERC20(loan.loanToken).transfer(feeReceiver, protocolInterest);

// update loan debt

loans[loanId].debt = debt;

// update loan collateral

if (collateral > loan.collateral) {

// transfer the collateral tokens from the borrower to the contract

IERC20(loan.collateralToken).transferFrom(

msg.sender,

address(this),

collateral - loan.collateral

);

} else if (collateral < loan.collateral) {

// transfer the collateral tokens from the contract to the borrower

IERC20(loan.collateralToken).transfer(

msg.sender,

loan.collateral - collateral

);

}

emit Repaid(

msg.sender,

loan.lender,

loanId,

debt,

collateral,

loan.interestRate,

loan.startTimestamp

);

loans[loanId].collateral = collateral;

// update loan interest rate

loans[loanId].interestRate = pool.interestRate;

// update loan start timestamp

loans[loanId].startTimestamp = block.timestamp;

// update loan auction start timestamp

loans[loanId].auctionStartTimestamp = type(uint256).max;

// update loan auction length

loans[loanId].auctionLength = pool.auctionLength;

// update loan lender

loans[loanId].lender = pool.lender;

// update pool balance

pools[poolId].poolBalance -= debt;

emit Borrowed(

msg.sender,

pool.lender,

loanId,

debt,

collateral,

pool.interestRate,

block.timestamp

);

emit Refinanced(loanId);

}

Link to code - https://github.com/Cyfrin/2023-07-beedle/tree/main/src/Lender.sol

Tools Used

Manual Code Review by SolSaver

Recommendations

Try to keep the functions smaller by breaking it down into smaller functions.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.