20,000 USDC
Submission Details
Severity: high

Potential reentrancy attack vector to drain all collateral funds from Lender contract

Summary

Potential reentrancy attack vector to drain all collateral funds from Lender contract.

Vulnerability Details

The seizeLoan() function has no access control and does not follow the checks-effects-interactions (CEI) pattern, so reentrancy is possible through its two transfer() calls, in particular the one that sends collateral tokens to the lender. If the lender is a rogue party using a contract as the lender address, and the collateral ERC20 token enables a callback, the attacker could reenter seizeLoan(), execute everything successfully up to the transfer calls, and reenter multiple times until the Lender contract is drained of all collateral funds, which are transferred to the lender address.

Impact

The Lender contract could potentially be drained of all collateral tokens during one reentrancy attack by a rogue lender.

Tools Used

VSC, manual.

Recommendations

Add a reentrancy modifier or mutex lock.
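
A sketch of the recommended fix, added here as an illustration and not taken from the audited Lender contract: a mutex modifier on seizeLoan() combined with CEI ordering, so the loan record is cleared before the collateral transfer. The contract name, the Loan layout, the loans array and the seizableAfter field are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration; not the audited Lender contract.
// Loan layout, loans array and seizableAfter are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract GuardedLenderSketch {
    struct Loan {
        address lender;
        address collateralToken;
        uint256 collateral;
        uint256 seizableAfter; // hypothetical eligibility timestamp
    }

    Loan[] public loans;

    uint256 private constant UNLOCKED = 1;
    uint256 private constant LOCKED = 2;
    uint256 private lockState = UNLOCKED;

    // Mutex: a nested call into any guarded function reverts.
    modifier nonReentrant() {
        require(lockState == UNLOCKED, "reentrant call");
        lockState = LOCKED;
        _;
        lockState = UNLOCKED;
    }

    function seizeLoan(uint256 loanId) external nonReentrant {
        // Checks
        Loan memory loan = loans[loanId];
        require(loan.lender != address(0), "no such loan");
        require(block.timestamp >= loan.seizableAfter, "not seizable yet");

        // Effects: clear the record before any external call, so a token
        // callback that reaches this function again finds nothing to seize.
        delete loans[loanId];

        // Interactions: token callbacks can only fire from here on.
        require(
            IERC20(loan.collateralToken).transfer(loan.lender, loan.collateral),
            "collateral transfer failed"
        );
    }
}
```

The guard only covers functions that carry the modifier, so every other function that moves collateral or mutates loan state needs it as well; the CEI ordering protects seizeLoan() even if a guarded path is missed.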
