20,000 USDC
Submission Details
Severity: high
Valid

Double poolBalance update in refinance

Summary

During refinance, the poolBalance update is done twice. The call will either revert if the lender does not have enough balance or, more importantly, the lender will lose funds.

Vulnerability Details

During refinance, we first call _updatePoolBalance and deduct tokens from the pool, as shown below:

// now lets deduct our tokens from the new pool
_updatePoolBalance(poolId, pools[poolId].poolBalance - debt);
...
/// @notice update the balance of a pool and emit the event
/// @param poolId the id of the pool to update
/// @param newBalance the new balance of the pool
function _updatePoolBalance(bytes32 poolId, uint256 newBalance) internal {
    pools[poolId].poolBalance = newBalance;
    emit PoolBalanceUpdated(poolId, newBalance);
}

After that, we again deduct tokens from the pool as shown below:

// update pool balance
pools[poolId].poolBalance -= debt;

Hence the debt amount of tokens is deducted from the pool twice. If the pool does not have enough tokens, the call reverts; if the pool has enough tokens, the lender unfairly loses the debt amount of tokens.

Impact

Direct loss of funds for the lender, hence I consider this high.

Tools Used

Manual Review.

Recommendations

Remove second poolBalance update.
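The two outcomes described above, and the effect of the recommended fix, as an added example that is not the audited contract's code: a minimal accounting model that reuses only `pools`, `poolBalance`, `_updatePoolBalance` and `PoolBalanceUpdated` from the snippets. The contract name, `refinanceBuggy`, `refinanceFixed`, `check` and all amounts are hypothetical, and Solidity 0.8 checked arithmetic is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical model of the pool accounting only; loans and token transfers are left out.
contract RefinanceAccountingDemo {
    struct Pool { uint256 poolBalance; }
    mapping(bytes32 => Pool) public pools;
    event PoolBalanceUpdated(bytes32 indexed poolId, uint256 newBalance);

    function _updatePoolBalance(bytes32 poolId, uint256 newBalance) internal {
        pools[poolId].poolBalance = newBalance;
        emit PoolBalanceUpdated(poolId, newBalance);
    }

    // Mirrors the reported flow: the same debt is deducted twice.
    function refinanceBuggy(bytes32 poolId, uint256 debt) external {
        _updatePoolBalance(poolId, pools[poolId].poolBalance - debt);
        // ... other refinance steps would sit here ...
        pools[poolId].poolBalance -= debt; // second deduction, reverts if balance < 2 * debt
    }

    // Recommended flow: one deduction, made through the helper so the event matches storage.
    function refinanceFixed(bytes32 poolId, uint256 debt) external {
        _updatePoolBalance(poolId, pools[poolId].poolBalance - debt);
    }

    // Self-check on constructed values; returns true when both outcomes are observed.
    function check() external returns (bool) {
        bytes32 a = "poolA";
        bytes32 b = "poolB";
        _updatePoolBalance(a, 1000);
        _updatePoolBalance(b, 1000);
        this.refinanceBuggy(a, 300); // 1000 -> 700 -> 400: lender is short by an extra 300
        this.refinanceFixed(b, 300); // 1000 -> 700
        bool lossShown = pools[a].poolBalance == 400 && pools[b].poolBalance == 700;
        _updatePoolBalance(a, 500);  // enough for one deduction of 300, not two
        try this.refinanceBuggy(a, 300) { return false; } catch {}
        return lossShown && pools[a].poolBalance == 500; // revert rolled the call back
    }
}
```

In the buggy path the last emitted `PoolBalanceUpdated` value (700) also disagrees with storage (400), so a monitor that compares the event's `newBalance` with `pools[poolId].poolBalance` after each call would flag this class of double effect.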

One extra recommendation regardless of this issue: as a best practice, it is important to follow the Checks-Effects-Interactions pattern. This double reduction might have happened because there are so many "interactions" between the poolBalance update "effects", which makes it easier to miss this kind of double effect.
