After a borrower submits a transaction to borrow from a pool, the lender can front-run that transaction and raise the interest rate to the maximum of 1000%. The borrower is then stuck with a loan at an interest rate it never agreed to, resulting in large losses.
The updateInterestRate function allows the lender to increase the interest rate of a pool at any time.
https://github.com/Cyfrin/2023-07-beedle/blob/658e046bda8b010a5b82d2d85e824f3823602d27/src/Lender.sol#L221-L226
This opens an attack vector: a malicious lender can front-run a borrower's transaction and raise the interest rate right before the borrow function executes. Borrowers are then unfairly required to pay the exorbitant interest rate before they can reclaim their collateral; in some cases they may be forced to forfeit their collateral at a large loss.
See above.
Manual review.
Remove the updateInterestRate function and make it clear to lenders that the interest rate cannot be changed after a pool is launched. A lender who wants a different interest rate thereafter must set up a new pool.
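The pattern described in this finding, as an added illustration that is not Beedle's Lender.sol: a minimal pool contract keeps the repriceable updateInterestRate function beside a borrow function that takes the maximum rate the borrower agreed to, so a rate change ordered ahead of the borrow reverts instead of binding the borrower. Contract, struct and function names, and the basis-point scale for the 1000% cap, are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the audited project's code. MAX_RATE assumes a
// basis-point scale, so 100_000 bps = 1000%, the cap named in the finding.
contract BorrowRateDemo {
    uint256 public constant MAX_RATE = 100_000;

    struct Pool {
        address lender;
        uint256 interestRate;   // basis points, assumed scale
        uint256 availableTokens;
    }
    struct Loan {
        address borrower;
        uint256 amount;
        uint256 interestRate;   // rate recorded on the loan at borrow time
    }

    mapping(bytes32 => Pool) public pools;
    Loan[] public loans;

    function createPool(bytes32 poolId, uint256 rate, uint256 tokens) external {
        require(pools[poolId].lender == address(0), "pool exists");
        require(rate <= MAX_RATE, "rate too high");
        pools[poolId] = Pool(msg.sender, rate, tokens);
    }

    // The repriceable pattern the finding describes: the lender may change the
    // rate at any time, including in a transaction ordered just before a pending
    // borrow. The finding's own recommendation is simply to delete this function.
    function updateInterestRate(bytes32 poolId, uint256 newRate) external {
        Pool storage p = pools[poolId];
        require(msg.sender == p.lender, "not lender");
        require(newRate <= MAX_RATE, "rate too high");
        p.interestRate = newRate;
    }

    // Hardened borrow: the borrower states the highest rate it accepts. If the
    // pool rate was raised after the borrower signed, the call reverts rather
    // than silently recording a loan at the new rate.
    function borrow(bytes32 poolId, uint256 amount, uint256 maxInterestRate) external {
        Pool storage p = pools[poolId];
        require(p.interestRate <= maxInterestRate, "rate exceeds agreed max");
        require(amount <= p.availableTokens, "insufficient liquidity");
        p.availableTokens -= amount;
        loans.push(Loan(msg.sender, amount, p.interestRate));
        // token transfer to the borrower omitted in this illustration
    }
}
```

The max-rate check complements the recommended removal of updateInterestRate: even with the rate locked, it protects borrowers against any other path that changes loan terms between signing and execution.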