20,000 USDC
Submission Details
Severity: medium

In giveLoan, the new lender can cause the function to revert

Summary

giveLoan can be made to revert. The new lender front-runs the call and updates their pool balance, which causes the function to revert and DoSes giveLoan.

Vulnerability Details

Example:

Alice, the old lender, wants to give her loan to Bob.

Bob front-runs Alice's tx that gives him the loan

by taking out his pool balance,

causing Alice's tx to revert and putting more risk on Alice.

// in `giveLoan` the new lender can make poolBalance less than totalDebt
_updatePoolBalance(poolId, pool.poolBalance - totalDebt);

Impact

Now you might think this is the system design, but this is a bug: the new pool shouldn't be able to make the old lender's call revert and not accept the loan.

In the future, if the protocol has a list of lenders who accept that they will take over old lenders' loans, they can cause reverts and gas loss for the lenders, which in turn will cause more risk and maybe loss of funds for the old lender/lenders.

Tools Used

Recommendations

Either use some sort of Flashbots, or, instead of reverting, don't allow setPool to be called when giveLoan is going to happen.
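The ordering problem and the second recommendation, as an added Python model that is not the protocol's code or part of the original submission. `PoolModel`, `withdraw`, `reserved` and the amounts are assumptions made for illustration: `withdraw` stands in for any call that lowers the new lender's poolBalance, and the revert assumes checked unsigned arithmetic.

```python
class Revert(Exception):
    """Stands in for an EVM transaction revert."""

def checked_sub(a: int, b: int) -> int:
    # Assumption: checked unsigned arithmetic, so a - b reverts when b > a.
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b

class PoolModel:
    """Constructed model of the new lender's pool; not the protocol's contract."""

    def __init__(self, pool_balance: int, reserved: int = 0):
        self.pool_balance = pool_balance
        self.reserved = reserved  # hypothetical: amount promised to an incoming loan

    def withdraw(self, amount: int) -> None:
        # Hypothetical stand-in for any call that lowers poolBalance.
        if amount > checked_sub(self.pool_balance, self.reserved):
            raise Revert("exceeds unreserved balance")
        self.pool_balance -= amount

    def give_loan(self, total_debt: int) -> None:
        # Mirrors: _updatePoolBalance(poolId, pool.poolBalance - totalDebt)
        self.pool_balance = checked_sub(self.pool_balance, total_debt)
        self.reserved = max(0, self.reserved - total_debt)

def simulate(front_run: bool, reserve: bool) -> dict:
    """Apply the transactions in mined order and record each outcome."""
    total_debt = 600  # constructed sample values
    pool = PoolModel(1_000, reserved=total_debt if reserve else 0)
    txs = ([("withdraw", 900)] if front_run else []) + [("give_loan", total_debt)]
    outcome = {}
    for name, amount in txs:
        try:
            getattr(pool, name)(amount)
            outcome[name] = "ok"
        except Revert as err:
            outcome[name] = f"revert: {err}"
    return outcome

if __name__ == "__main__":
    for front_run, reserve in [(False, False), (True, False), (True, True)]:
        print(f"front_run={front_run} reserve={reserve} ->", simulate(front_run, reserve))
```

With the reservation in place, the balance-lowering call is the one that fails and the old lender's giveLoan goes through.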
