Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Access modifiers: Staking.sol

touqeershah32

Summary

Access Modifier of function which is very import which Function is call by everyone and which one is for internal used only.
In the come way if updateFor(calculate share) and updated (which updated ratio) both should be call by internal not public.

Vulnerability Details

It will call by any one which updated ratio value without deposit function or withdraw function call which actual change or updated value,

It used balanceOf:ERC20 function to check contract balance which is used to change the ratio value without check does user deposit anything or not, if I transfer directly amount to this contract then, I am able to change index to make other which is used to increase the claim amount value.

Impact

It will effect on index which we are using to calculate the claim reward, it will effect it.

Tools Used

Foundry, Remix and Code Review

Recommendations

Make them internal instead of public.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.