20,000 USDC
Submission Details
Severity: high

Lender can increase the interest and cause the borrower to lose funds

Summary

There is no protection for the borrower against the old lender causing more debt, since there are issues with how this is handled in the code.

Vulnerability Details

In refinance, the old lender can raise the interest to 100%. The borrower will then have to pay more, or the call will revert. If the token is USDT it won't revert, since it is using transfer; the lender will then get more tokens and the new lender will take on more risk. If the borrower has those tokens, they will lose them, and with a huge position this can be a 50% increase of the debt, which is not good and will cause a loss of funds for the borrower.

    // Calculate the interest
    (
        uint256 lenderInterest,
        uint256 protocolInterest
    ) = _calculateInterest(loan);
    // The interest function just uses the updated loan object, which will be the higher-interest one
    uint256 debtToPay = loan.debt + lenderInterest + protocolInterest;

Impact

Loss of funds for the borrower/revert

Tools Used

Recommendations

Add a time delay for when the lender can change parameters
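
One way to implement the recommended delay, as an added example that is not the audited protocol's code. The contract, struct, function and constant names (RateTimelock, Pool, PendingRate, RATE_DELAY, setInterestRate, applyInterestRate) and the one-day delay are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch: every name below is an assumption, not the audited protocol's API.
contract RateTimelock {
    uint256 public constant RATE_DELAY = 1 days; // assumed delay, tune per protocol

    struct Pool {
        address lender;
        uint256 interestRate; // the rate that interest accrual reads
    }

    struct PendingRate {
        uint256 rate;
        uint256 effectiveAt; // 0 means nothing is queued
    }

    mapping(bytes32 => Pool) public pools;
    mapping(bytes32 => PendingRate) public pendingRates;

    event RateQueued(bytes32 indexed poolId, uint256 newRate, uint256 effectiveAt);
    event RateApplied(bytes32 indexed poolId, uint256 newRate);

    function createPool(bytes32 poolId, uint256 rate) external {
        require(pools[poolId].lender == address(0), "pool exists");
        pools[poolId] = Pool(msg.sender, rate);
    }

    // The lender can only queue a change; the live rate is untouched,
    // so interest computed during the delay still uses the old rate.
    function setInterestRate(bytes32 poolId, uint256 newRate) external {
        require(msg.sender == pools[poolId].lender, "not lender");
        uint256 effectiveAt = block.timestamp + RATE_DELAY;
        pendingRates[poolId] = PendingRate(newRate, effectiveAt);
        emit RateQueued(poolId, newRate, effectiveAt);
    }

    // Anyone may apply the queued rate once the delay has elapsed.
    function applyInterestRate(bytes32 poolId) external {
        PendingRate memory queued = pendingRates[poolId];
        require(queued.effectiveAt != 0, "nothing queued");
        require(block.timestamp >= queued.effectiveAt, "delay not elapsed");
        delete pendingRates[poolId];
        pools[poolId].interestRate = queued.rate;
        emit RateApplied(poolId, queued.rate);
    }
}
```

The RateQueued event gives borrowers and monitoring a window to react before the new rate can affect any debt calculation.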
