Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

[M-03] The `update` function may never update

pina

Summary

Multiple functions uses the Staking.update function to update the rewards, but that do not work correctly, so the user would not see their rewards reflected.

Vulnerability Details

When you start the process in the deposit function for example, where the user for the first time will try to collect reward. After the token transfer is successful, updateFor is called.

It calls update and when found in this statement:

64 uint256 _balance = WETH.balanceOf(address(this));

65 if (_balance > balance) {

This scenario can happen, if users make use of these functions and there are still no deposits in WETH, that if the Lender.sol contract does not place the address of the Fees.sol contract, users may not have rewards

Impact

Users will not earn rewards

Tools Used

Manual code review

Recommendations

Ensure that when depositing, the contract has WETH for the reward mechanism to work.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.