Auction Strategy is Not Fair for Borrowers because of High Interest Rate Possibility
Summary
Because of during auction interest rate is constantly growing till 10x amount (%1000) borrowers can get into situations they normally will never accept.
Vulnerability Details
We know that in general interest rates in lending protocols won't get higher than %15-20 at most. Beedle allows opening pools with interest rates up to %1000. Although pools with high interest rates generally won't find any borrowers willing to borrow, auction strategy of Beedle allows this pools to find borrowers without borrowers consent.
Let's assume one lender don't want to hold one position anymore and calls startAuction and let's assume auctionLength is 1 day.
At any time, interest rate will be calculated as follows:
MAX_INTEREST_RATE is : 100.000
loan.auctionLength is : 86.400
Which means after 1 hour of auction currentAuctionRate will be = (100.000 * 3600 / 86.400) = 4166 (%41.66) and will continue to go up by %41.66 percent every hour.
It is obvious that these amounts of interest rates are not plausible for borrowers. But because of auction's strategy about interest rate, borrowers will lose funds via interest payments.
Impact
Borrowers will lose small amount of funds because of auction strategy. Hence I consider this as medium.
Tools Used
Manual Review
Recommendations
Decrease MAX_INTEREST_RATE to more acceptable rates, 10.000(%100) might be plausible.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.