Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Missing Auction Length Update in BuyLoan Function

ubermensch

Summary

It has been identified that the buyLoan function, which allows someone to buy a loan in auction, does not update the auctionLength attribute in the loan, causing the loan to retain the auctionLength of the old pool rather than the new one.

Vulnerability Details

The issue is in the buyLoan function, which allows someone to buy a loan in auction. The function does not update the auctionLength attribute in the loan, causing the loan to retain the auctionLength of the old pool rather than the new one. This can lead to inconsistencies and potential inaccuracies in the auction process.

Impact

This vulnerability can lead to significant inaccuracies in the auction process, which can affect the fairness of the loan terms and potentially lead to financial losses for either the borrower or the lender.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, it is recommended to revise the buyLoan function to correctly update the auctionLength attribute in the loan when a loan is bought in auction.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.