Submission Details
Severity: medium
Valid

Loan Tokens stuck at zero amount transfer

Vulnerability Details

Impact

Some functions transfer loan tokens without checking the amount to be transferred. The loan token is set by the lender and can be an arbitrary token, so when that token does not allow zero-amount transfers, a transfer of 0 will not succeed.

Proof of concept

https://github.com/d-xo/weird-erc20#revert-on-zero-value-transfers

When such a weird ERC20 token is the loan token, some functions may not succeed when the amount is 0.

Setting the severity to high because the loan token is set by the lender and can be an arbitrary token, and because the loan token is what the lenders are lending out, which is the main component of lending in the Beedle protocol.
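The failure mode described above, as an added example that is not part of the original submission or of the Beedle code base: a mock token that rejects zero-value transfers, and a harness that reuses only the fee arithmetic quoted from Lender.sol#L267. The contract names, function names and the 50 bps fee are assumptions made for illustration, and the harness must be funded with tokens before it is called.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: every contract and function name here is hypothetical.

/// Minimal token that rejects zero-value transfers, modelled on the
/// "revert on zero value transfers" class listed in d-xo/weird-erc20.
contract RevertOnZeroToken {
    mapping(address => uint256) public balanceOf;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(amount != 0, "zero-value-transfer");
        balanceOf[msg.sender] -= amount; // checked math reverts on underflow
        balanceOf[to] += amount;
        return true;
    }
}

/// Harness that reproduces only the fee calculation, not the lending logic.
contract FeePayerHarness {
    uint256 public borrowerFee = 50; // constructed value: 50 basis points
    address public feeReceiver;

    constructor(address _feeReceiver) {
        feeReceiver = _feeReceiver;
    }

    /// Integer division rounds down: the result is 0 whenever
    /// debt * borrowerFee < 10000 (here, any debt below 200 units).
    function fee(uint256 debt) public view returns (uint256) {
        return (debt * borrowerFee) / 10000;
    }

    /// Unguarded: reverts with the token above whenever fee(debt) == 0.
    function payFeeUnguarded(RevertOnZeroToken token, uint256 debt) external {
        token.transfer(feeReceiver, fee(debt));
    }

    /// Guarded: skips the call when there is nothing to send.
    function payFeeGuarded(RevertOnZeroToken token, uint256 debt) external {
        uint256 fees = fee(debt);
        if (fees > 0) {
            require(token.transfer(feeReceiver, fees), "transfer failed");
        }
    }
}
```

With a debt of 199 units, payFeeUnguarded reverts with "zero-value-transfer" while payFeeGuarded completes, which makes the pair usable as a regression test for each transfer site.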

How to fix

For example, on line 267, add a check before transferring the loan tokens as fees.

// Lender.sol#L267
// calculate the fees
uint256 fees = (debt * borrowerFee) / 10000;
// transfer fees
+ if (fees > 0) {
+ IERC20(loan.loanToken).transfer(feeReceiver, fees);
+ }
- IERC20(loan.loanToken).transfer(feeReceiver, fees);
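Review bot: the guarded call on the added lines still discards the bool returned by transfer, so for a lender-chosen token that reports failure by returning false instead of reverting, the fee payment could fail without the caller noticing; check the return value or use a safe-transfer wrapper inside the new if block. Because fees = (debt * borrowerFee) / 10000 rounds down, the zero case is reached for any debt where debt * borrowerFee < 10000, not only for a zero debt, which is worth a short comment next to the check. The removed line is also listed after the added ones; placing the "-" line before the "+" lines would make the patch read conventionally.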
