Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Reentrancy in `Lender` contract `setPool`

fondevs

Summary

Reentrancy in the setPool function allows an attacker to drain the contract balance of any ERC777 tokens

Vulnerability Details

In the setPool function, an attacker is able to re-enter and drain the contract balance of any ERC777 tokens by first creating a pool with a pool balance, then reducing the pool balance. when the contract tries to send the excess token the attacker reenters the setPool again untill the balance is empty

Impact

the attacker is able to drain the contract of any ERC777 token

Tools Used

Manuel Analysis

Recommendations

apply a reentrancy guard modifier to the setPool function

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.