20,000 USDC
Submission Details
Severity: medium

Reentrancy vulnerabilities

Summary

The Lender contract has 3 more functions that are vulnerable to reentrancy attacks: zapBuyLoan, seizeLoan, and setPool.

Vulnerability Details

Reentrancy occurs when a contract makes an external call to another contract, allowing the called contract to call back into the calling contract before the first call has finished. This can lead to unexpected behavior and potentially allow an attacker to exploit the contract.

In this case, the zapBuyLoan, seizeLoan, and setPool functions all make external calls to other contracts, which could potentially allow for reentrancy attacks.

Impact

If an attacker were able to exploit these vulnerabilities, they could cause unexpected behavior in the contract and potentially steal funds or manipulate the contract's state.

Tools Used

The vulnerabilities were identified through manual code review.

Recommendations

It is recommended to use the ReentrancyGuard contract from OpenZeppelin. This contract provides a nonReentrant modifier that can be applied to functions to prevent reentrant calls. Applying this modifier to the vulnerable functions in the Lender contract would prevent reentrancy attacks from occurring.
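An added example of this recommendation, not code from the audited Lender contract: a hypothetical `ExampleLender` whose functions make external token calls, guarded with `nonReentrant` and ordered so that state changes precede the call. The contract, struct, function and event names are assumptions, and the import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Paths assume OpenZeppelin Contracts v5; in v4.x the guard is at security/ReentrancyGuard.sol.
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Hypothetical, simplified contract for illustration; not the audited Lender.
contract ExampleLender is ReentrancyGuard {
    using SafeERC20 for IERC20;

    struct Loan {
        address lender;
        IERC20 collateralToken; // arbitrary token: its code runs during transfers
        uint256 collateral;
        uint256 deadline;       // timestamp after which the lender may seize
    }

    Loan[] public loans;

    event LoanSeized(uint256 indexed loanId, address indexed lender, uint256 collateral);

    /// Borrower posts collateral against a lender (assumed helper that creates state).
    function openLoan(address lender, IERC20 token, uint256 amount, uint256 duration)
        external nonReentrant returns (uint256 loanId)
    {
        require(amount > 0, "no collateral");
        loanId = loans.length;
        loans.push(Loan(lender, token, amount, block.timestamp + duration));
        token.safeTransferFrom(msg.sender, address(this), amount); // interaction last
    }

    /// Stand-in for a function that pays out through an external call.
    function seize(uint256 loanId) external nonReentrant {
        Loan memory loan = loans[loanId];
        require(loan.collateral > 0, "loan closed");
        require(block.timestamp > loan.deadline, "not expired");
        require(msg.sender == loan.lender, "not lender");

        delete loans[loanId]; // effects: close the loan before any external call
        emit LoanSeized(loanId, loan.lender, loan.collateral);

        // Interaction: a callback into any nonReentrant function reverts here.
        loan.collateralToken.safeTransfer(loan.lender, loan.collateral);
    }
}
```

`nonReentrant` only blocks re-entry into guarded functions of the same contract, which is why the example also closes the loan before making the external call.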
