20,000 USDC
Submission Details
Severity: high

Borrower might repay a loan without getting their collateral back

Summary

When repaying a loan, a borrower might not receive their collateral tokens back because of how some ERC20 tokens handle failed transfer calls.

Vulnerability Details

Some ERC20 tokens do not revert on a failed transfer call. This can hurt a borrower repaying a loan, because the last step of the repay() function transfers the collateral tokens the borrower put up for the loan back to them. If that call fails, the collateral is stuck in the Lender contract and there's no way for the end user to withdraw it.

Impact

Borrowers can end up repaying their loan without receiving their collateral back.

Tools Used

Manual review

Recommendations

Use safeTransfer() when transferring the collateral tokens back to the borrower, or simply require that the transfer call returns true.
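
The failure mode and the second recommended fix, as an added example that is not the audited contract's code. `NoRevertToken`, `CollateralReturn`, `openLoan`, `repayUnchecked` and `repayChecked` are hypothetical names, and `openLoan` skips pulling tokens so the failing path is easy to reach in a test.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; all names are hypothetical, not the audited Lender code.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of reverting.
contract NoRevertToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // failure, but no revert
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

contract CollateralReturn {
    mapping(address => uint256) public collateralOf; // hypothetical loan bookkeeping

    // Constructed stand-in for taking a loan: records collateral without pulling it.
    function openLoan(uint256 amount) external {
        collateralOf[msg.sender] = amount;
    }

    // Pattern from the finding: the return value is ignored, so a failed transfer
    // still clears the loan record and the borrower receives nothing.
    function repayUnchecked(IERC20 collateral) external {
        uint256 amount = collateralOf[msg.sender];
        delete collateralOf[msg.sender];
        collateral.transfer(msg.sender, amount);
    }

    // Second recommendation: require the call to return true, so a failed
    // transfer reverts the whole repayment and the loan record is preserved.
    function repayChecked(IERC20 collateral) external {
        uint256 amount = collateralOf[msg.sender];
        delete collateralOf[msg.sender];
        require(collateral.transfer(msg.sender, amount), "collateral transfer failed");
    }
}
```

The `require` form rejects tokens that return no value at all; OpenZeppelin's `SafeERC20.safeTransfer`, the first recommendation, accepts those and still reverts when a token returns false.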
