Submission Details
Severity: medium
Valid

The lender can front-run the borrowing transaction and set the interest rate to maximum

Summary

Lenders can front-run a pending borrowing transaction in the mempool by calling updateInterestRate() to raise the pool's interest rate to the maximum before the borrow executes. This lets the lender profit from the transaction in an unfair manner, since the borrower receives a loan at a rate they never agreed to.

Vulnerability Details

When a borrower initiates a borrowing transaction, it is typically recorded in a mempool before it is confirmed and included in a block on the blockchain. During this time, the borrowing transaction is visible to other participants, including lenders and arbitrageurs. A lender who closely monitors the mempool can observe pending borrowing transactions and take advantage of the situation.

The critical component in this scenario is the updateInterestRate() function, which sets the interest rate for the borrower's loan. The flow works as follows:

  1. Monitor all borrowing transactions: The lender continuously monitors the mempool for all incoming borrowing transactions, regardless of the loan amount or collateral-to-loan ratio.

  2. Execute the front-run: Whenever a borrowing transaction is detected, the lender quickly initiates their own transaction providing high gas, ensuring they call the updateInterestRate() function before the original transaction can do so.

  3. Set the interest rate to the maximum: By calling the updateInterestRate() function first, the lender sets the interest rate to the maximum allowed value, irrespective of the borrower's willingness to take the loan at that high rate.

  4. Benefit from all transactions: By front-running and setting the interest rate to the maximum for every loan, the lender ensures that all borrowers are subjected to significantly higher interest rates than they should be paying based on fair market conditions and risk assessments.

  5. Unfair profit from all loans: With the ability to manipulate the interest rates across all borrowing transactions, the lender makes unfair profits from each loan, as borrowers will have to pay inflated interest rates that they did not expect or agree to.

POC

function test_frontrunBorrowAndIncreaseInterest() public {
    // Lender sets up a pool at 10% interest (interestRate is in basis points: 1000 == 10%)
    Pool memory p = Pool({
        lender: lender1,
        loanToken: address(loanToken),
        collateralToken: address(collateralToken),
        minLoanSize: 100 * 10 ** 18,
        poolBalance: 1000 * 10 ** 18,
        maxLoanRatio: 20 * 10 ** 18,
        auctionLength: 1 days,
        interestRate: 1000,
        outstandingLoans: 0
    });
    vm.startPrank(lender1);
    bytes32 poolId = lender.setPool(p);
    vm.stopPrank();
    (,,,,,,, uint256 interestRate,) = lender.pools(poolId);
    console.log("Initial Interest Rate", interestRate / 100, "%");

    // Lender front-runs the pending borrow by raising the rate to the maximum (1000%)
    console.log("Frontrunning borrow transaction by increasing interest rate...");
    vm.startPrank(lender1);
    lender.updateInterestRate(poolId, 100000);
    vm.stopPrank();
    (,,,,,,, uint256 interestRate1,) = lender.pools(poolId);
    console.log("Interest Rate after frontrunning", interestRate1 / 100, "%");

    // Mint some loan tokens to the borrower so it can repay principal plus interest
    loanToken.mint(address(borrower), 200 * 10 ** 18);

    // Borrower's transaction now executes after the rate change
    vm.startPrank(borrower);
    Borrow memory b = Borrow({poolId: poolId, debt: 100 * 10 ** 18, collateral: 100 * 10 ** 18});
    Borrow[] memory borrows = new Borrow[](1);
    borrows[0] = b;
    lender.borrow(borrows);
    vm.warp(block.timestamp + 2 days); // advance time so interest accrues

    // Interest owed on a 100e18 debt after 2 days:
    //   ~5.479452055e18 at the 1000% rate set by the front-run
    //   ~5.479452055e16 at the original 10% rate
    // An allowance of 105e18 covers the 10% case but not the inflated 1000% case,
    // so repay() reverts with InsufficientAllowance.
    loanToken.approve(address(lender), 105 * 10 ** 18);
    uint256[] memory loanIds = new uint256[](1);
    loanIds[0] = 0;
    vm.expectRevert(ERC20.InsufficientAllowance.selector);
    lender.repay(loanIds);
    vm.stopPrank();
}

Impact

The impact of a lender front-running borrowing transactions and manipulating interest rates in the mempool includes unfair profits for the lender, loss of trust, ecosystem instability, and reputational damage to the decentralized finance (DeFi) ecosystem.

Tools Used

Manual review

Recommendations

To prevent lender front-running and unfair manipulation of interest rates, the contract should be designed so that a lender cannot change the interestRate directly or arbitrarily while borrow transactions are pending: the rate a borrower is willing to accept should be fixed at the time they submit the transaction, and lender-side changes should not be able to take effect against it in the same block.
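As an added illustration of that recommendation (this is hypothetical example code, not the audited project's contract), a simplified lender that reuses the report's identifiers (Pool, Borrow, pools, updateInterestRate, borrow) and adds two mitigations: the borrower passes the highest rate they accept, checked when the borrow actually executes, and lender-side increases are capped per update and only take effect after a delay. The struct fields, constants and setPool helper are assumptions made for the example.

```solidity
pragma solidity ^0.8.4;
// Hypothetical, simplified lender (not the audited contract). It keeps the report's
// names (Pool, Borrow, pools, updateInterestRate, borrow) and adds two mitigations:
// 1. the borrower passes a maxInterestRate that is checked when the borrow executes;
// 2. rate increases are capped per update and only take effect after a delay.
contract HardenedLender {
    struct Pool {
        address lender;
        uint256 interestRate;        // basis points: 1000 == 10%
        uint256 pendingInterestRate; // change queued by the lender
        uint256 rateEffectiveAt;     // when the queued change applies (0 = none)
    }
    struct Borrow { bytes32 poolId; uint256 debt; uint256 maxInterestRate; }
    struct Loan { address borrower; bytes32 poolId; uint256 debt; uint256 interestRate; }
    uint256 public constant MAX_INTEREST_RATE = 100000; // 1000%, the report's maximum
    uint256 public constant MAX_RATE_STEP = 1000;       // at most +10% per update
    uint256 public constant RATE_DELAY = 1 days;
    mapping(bytes32 => Pool) public pools;
    Loan[] public loans;
    error NotLender();
    error RateChangeRejected();
    error RateAboveBorrowerMax(uint256 current, uint256 accepted);
    // Hypothetical pool creation; only the pool's lender may overwrite an existing id.
    function setPool(bytes32 poolId, uint256 rate) external {
        address owner = pools[poolId].lender;
        if (owner != address(0) && owner != msg.sender) revert NotLender();
        pools[poolId] = Pool(msg.sender, rate, 0, 0);
    }
    // Promote a queued rate once its delay has passed and return the live rate.
    function _settledRate(Pool storage p) internal returns (uint256) {
        if (p.rateEffectiveAt != 0 && block.timestamp >= p.rateEffectiveAt) {
            p.interestRate = p.pendingInterestRate;
            p.rateEffectiveAt = 0;
        }
        return p.interestRate;
    }
    function updateInterestRate(bytes32 poolId, uint256 newRate) external {
        Pool storage p = pools[poolId];
        if (msg.sender != p.lender) revert NotLender();
        uint256 current = _settledRate(p);
        if (newRate > MAX_INTEREST_RATE || newRate > current + MAX_RATE_STEP) revert RateChangeRejected();
        p.pendingInterestRate = newRate; // the change is visible on-chain before it applies
        p.rateEffectiveAt = block.timestamp + RATE_DELAY;
    }
    function borrow(Borrow calldata b) external {
        Pool storage p = pools[b.poolId];
        uint256 rate = _settledRate(p);
        if (rate > b.maxInterestRate) revert RateAboveBorrowerMax(rate, b.maxInterestRate);
        loans.push(Loan(msg.sender, b.poolId, b.debt, rate)); // rate is locked for the loan
    }
}
```

With this design the front-run in the POC fails twice over: a jump from 1000 to 100000 is rejected by MAX_RATE_STEP, and even a permitted increase cannot apply to a borrow that is already in the mempool, because the borrower's maxInterestRate is enforced at execution and the new rate only becomes live after RATE_DELAY.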
