Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

push a parameter into an array of tokens without checking if it already exists

fakemonkgin

Summary

push a parameter into an array of tokens without checking if it already exists

Vulnerability Details

https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L276
push a new loan into array without checking

Impact

Repeating loans: If the existence of the loan in the loans array is not checked, it allows duplicate loan entries. This could lead to duplicate storage of loan information, impacting the accuracy and data consistency of the loans. Additionally, duplicate loan information may cause unexpected behavior or incorrect calculations.

Tools Used

Manual Review

Recommendations

Use a mapping to track existing loan objects. Only when confirming that the loan object does not exist, add it to the loans array

mapping(Loan => bool) loanExists

...

if (loanExists[loan]) revert LoanAlreadyExists();

loans.push(loan);

loanExists[loan] = true

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.