Submission Details
Severity: high

Adding to a pool in `Lender.sol` can lead to loss of funds

Summary

If a pool uses an ERC777 token as its loan token, a malicious lender can re-enter the `addToPool()` function through the token's callback and accumulate a `pool.poolBalance` that is much higher than what they have deposited into their pool.

Vulnerability Details

ERC777 allows for sender callbacks. Since the `addToPool()` function has no reentrancy protection and does not follow CEI / FREI-PI, malicious lenders can update their pool balance disproportionately to their deposited tokens.

Impact

This can lead to large-scale loss of funds, since `Lender.sol` holds the balances for the pools and there can be multiple pools with the same loan token.

(E.g., Good Lender A deposits 100 X tokens into their pool. Bad Lender B deposits 100 X tokens but re-enters on the ERC777 sender callback, and an extra 100 tokens are added to his pool balance. Bad Lender B can then call `removeFromPool()` and steal 200 total X tokens, leaving Good Lender A with zero tokens to claim.)

Tools Used

Manual review and VS Code

Recommendations

Add reentrancy guards and follow the CEI (checks-effects-interactions) or FREI-PI standards.
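
A sketch of this recommendation, added here as an example and not taken from `Lender.sol`: one lock shared by all state-changing functions, checks-effects-interactions ordering, and a post-call invariant tying the contract's token holdings to the sum of pool balances. The contract name, storage layout, `createPool` and `totalPoolBalance` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical sketch: names and storage layout are assumptions, not Lender.sol.
contract GuardedPools {
    struct Pool { address lender; address loanToken; uint256 poolBalance; }

    mapping(bytes32 => Pool) public pools;
    // Sum of poolBalance over every pool that shares a loan token.
    mapping(address => uint256) public totalPoolBalance;
    uint256 private locked = 1;

    error Unauthorized(); error ZeroAmount(); error Reentrancy();
    error TransferFailed(); error InvariantBroken();

    // One lock shared by every state-changing entry point, so a token hook
    // cannot re-enter addToPool or any sibling function mid-call.
    modifier nonReentrant() {
        if (locked != 1) revert Reentrancy();
        locked = 2;
        _;
        locked = 1;
    }

    function createPool(bytes32 poolId, address loanToken) external nonReentrant {
        if (pools[poolId].lender != address(0)) revert Unauthorized();
        pools[poolId] = Pool(msg.sender, loanToken, 0);
    }

    function addToPool(bytes32 poolId, uint256 amount) external nonReentrant {
        Pool storage pool = pools[poolId];
        // Checks
        if (pool.lender != msg.sender) revert Unauthorized();
        if (amount == 0) revert ZeroAmount();
        // Effects
        pool.poolBalance += amount;
        totalPoolBalance[pool.loanToken] += amount;
        // Interaction: an ERC777 token may invoke the sender's hook during this call
        if (!IERC20(pool.loanToken).transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
        // Protocol invariant: tokens held must cover every pool's recorded balance
        if (IERC20(pool.loanToken).balanceOf(address(this)) < totalPoolBalance[pool.loanToken]) revert InvariantBroken();
    }
}
```

Any withdrawal path, such as a `removeFromPool()` equivalent, would need the same modifier and would decrement `totalPoolBalance` before transferring out.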
