Beedle - Oracle free perpetual lending
BeedleFi
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect event emission when Refinancing loans

hash

Summary

The Repaid event is emitted with wrong arguments in the refinance function.

Vulnerability Details

The Repaid event is supposed to emit the debt and collateral associated with a loan repayment. In the refinance function the event is emitted with the debt and collateral of the new borrow.
https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L591-L710

function refinance(Refinance[] calldata refinances) public {
for (uint256 i = 0; i < refinances.length; i++) {
... more code
// @audit: these are the debt and collateral amounts going to be used for the new borrow
uint256 debt = refinances[i].debt;
uint256 collateral = refinances[i].collateral;
....... more code
// @audit: this is the debt being paid to the original lender
uint256 debtToPay = loan.debt + lenderInterest + protocolInterest;
...... more code
// @audit: the repaid event is emitted with debt and collateral amounts associated with the new borrow
emit Repaid(
msg.sender,
loan.lender,
loanId,
debt,
collateral,
loan.interestRate,
loan.startTimestamp
);
........ more code
}
}

Impact

Off chain integrations can be thrown off due to misinformation.

Tools Used

Manual review

Recommendations

Use the debt and collateral associated with the repaying loan.

function refinance(Refinance[] calldata refinances) public {
for (uint256 i = 0; i < refinances.length; i++) {
... more code
// @audit: this is the debt being paid to the original lender
uint256 debtToPay = loan.debt + lenderInterest + protocolInterest;
...... more code
emit Repaid(
msg.sender,
loan.lender,
loanId,
debtToPay,
loan.collateral,
loan.interestRate,
loan.startTimestamp
);
........ more code
}
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.