Submission Details
Severity: high

`borrow()` function can be reentered to drain pool

Summary

The borrow() function in Lender.sol can be reentered by a potential borrower to steal funds and drain the entire pool of its tokens.

Vulnerability Details

The borrow() function creates a loan but does not add it to the array of loans before sending the borrower the funds they requested. The collateral is also not taken from the borrower until after the borrower receives the funds. Without proper reentrancy protection, this allows a malicious borrower to drain a lender's entire pool while posting little collateral.

Impact

Because the loan is only added to the array of existing loans at the end of the call, a malicious borrower can post very little collateral and drain entire pools.

Tools Used

Manual review

Recommendations

Use reentrancy protection, push the loan into the loans array before transferring funds, and transfer funds to the user only after the Lender receives the collateral.
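The three recommendations combined in one borrow() function, as an added example that is not the audited Lender.sol or code from the submission. The contract name, the single-pool `poolBalance` accounting, the 150% `MIN_COLLATERAL_BPS` ratio, the `deposit()` helper and the hand-written guard are assumptions made for illustration, and both tokens are assumed to return `bool` from their transfer functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: hypothetical simplified lender, not the audited Lender.sol.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract HardenedLender {
    struct Loan { address borrower; uint256 debt; uint256 collateral; }

    IERC20 public immutable loanToken;
    IERC20 public immutable collateralToken;
    uint256 public constant MIN_COLLATERAL_BPS = 15_000; // assumed 150% ratio
    uint256 public poolBalance; // assumed single-pool accounting
    Loan[] public loans;
    uint256 private locked = 1; // 1 = idle, 2 = inside a guarded call

    modifier nonReentrant() {
        require(locked == 1, "reentrant call");
        locked = 2;
        _;
        locked = 1;
    }

    constructor(IERC20 loanToken_, IERC20 collateralToken_) {
        loanToken = loanToken_;
        collateralToken = collateralToken_;
    }

    function deposit(uint256 amount) external nonReentrant {
        require(loanToken.transferFrom(msg.sender, address(this), amount), "deposit failed");
        poolBalance += amount;
    }

    function borrow(uint256 debt, uint256 collateral) external nonReentrant {
        // Checks: pool can cover the debt and collateral meets the assumed ratio.
        require(debt <= poolBalance, "insufficient pool balance");
        require(collateral * 10_000 >= debt * MIN_COLLATERAL_BPS, "undercollateralized");
        // Effects: update accounting and record the loan before any external call.
        poolBalance -= debt;
        loans.push(Loan(msg.sender, debt, collateral));
        // Interactions: pull collateral in first, then send the borrowed funds out.
        require(collateralToken.transferFrom(msg.sender, address(this), collateral), "collateral failed");
        require(loanToken.transfer(msg.sender, debt), "loan transfer failed");
    }
}
```

With this ordering, a callback triggered by either token transfer finds the pool balance already reduced and the loan already recorded, and the guard rejects any nested call into borrow() or deposit().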
