Beedle - Oracle free perpetual lending
BeedleFi
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low

Missing update for the auction length in Lender.buyLoan

PTolev

Summary

The buyLoan function does not update the auctionLength property of the loan to match the new pool's auctionLength.

Vulnerability Details

The problem lies in the buyLoan function, where the auctionLength property of the loan is not being updated. Consequently, the new lender is forced to use the old pool's auctionLength, which may not align with their preferences.

Impact

Due to the lack of updating the auctionLength, the loan will retain the auctionLength from the old pool. As a result, the new lender will be unable to change the auctionLength according to their requirements, potentially leading to suboptimal auction conditions.

Tools Used

Manual review

Recommendations

Update the auctionLength property of the loan with the value from the new pool, ensuring that the new lender can set the desired auctionLength.

// update the loan with the new info
loans[loanId].lender = msg.sender;
loans[loanId].interestRate = pools[poolId].interestRate;
loans[loanId].startTimestamp = block.timestamp;
loans[loanId].auctionStartTimestamp = type(uint256).max;
+ loans[loanId].auctionLength = pools[poolId].auctionLength;
loans[loanId].debt = totalDebt;
emit Borrowed(
loan.borrower,
msg.sender,
loanId,
loans[loanId].debt,
loans[loanId].collateral,
pools[poolId].interestRate,
block.timestamp
);

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.