Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Single step ownership transfer

flacko

Summary

Single step ownership transfer is being used instead of a 2-step one. This puts at risk the Beedle token, the Staking and Lender contracts.

Vulnerability Details

When a single step ownership transfer is used, theres the wide-known possibility of transferring the ownership to a wrong address by mistake.

Impact

In the case of Lender.sol, if ownership is transferred to an address that's not under the control of anyone of the governance team, this means not being able to collect accrued fees as well as losing access to setter functions that adjust system parameters.

Tools Used

Manual review

Recommendations

Use a 2-step ownership transfer procedure. This way if the new owner address has been inputted wrongly, it's has no detrimental effects on the ownership of the contracts.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.