Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Borrower can prevent a loan from being seized by refinancing with same terms

bernd

Summary

The refinance function does not check if the loan is defaulted (i.e., the auction has ended, and the collateral can be seized). This allows the borrower to prevent the loan from being seized by refinancing with the same terms.

Vulnerability Details

A borrower can prevent their loan collateral from being seized by calling the refinance function with the same terms (the debt needs to be slightly adjusted to incorporate the accrued interest). This resets the auctionStartTimestamp to type(uint256).max in line 692 and thus stops the auction. The lender can no longer seize the loan and would have to restart the auction.

The borrower can repeat this process indefinitely to DoS the seizing process.

Lender.sol#L692

Impact

The lender cannot seize the defaulted loan and is potentially DoSed.

Tools Used

Manual Review

Recommendations

Consider only allowing the borrower to refinance the loan when the loan is not seizable (i.e., the auction ended).

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!