Beedle - Oracle free perpetual lending

Disclaimer

It is unclear how centralization risk would be classified within the CodeHawks system. I am classifying them as Medium here.

I was unable to find documentation of who the owner would be. If not carefully guarded by a large multisig, this issue would be High.

If I were a holder of the token, I would personally consider this a High.

However, if Beedle is open and upfront about their unilateral powers and the security mechanisms they have in place then this issue becomes less severe, as users are free to make their own decisions about who they trust. However, it will require trust.

Summary

Two different major centralization risks

1. Owner of Beedle.sol can mint infinite tokens

2. Owner of Lender.sol can set themselves as fee receiver

Vulnerability Details

1. Owner of contract can mint infinite tokens. Diluting holders or draining exchanges instantly. No specification is provided on how owner private key will be managed.

2. Owner of contract set themselves to receive all fees directly. This would cut out stakers from the fees I assume they expect. In fact, the owner is the default recipient of all fees.

Impact

1. Instant loss of all value underlying BDL token in exchanges

2. Loss of all future fees that stakers were anticipating

Recommendations

1. The privileged mint function should be removed altogether and an explicit max supply should be implemented using the ERC20Votes standard.

2. Set Fee.sol contract as the default recipient and remove the privileged functionality to change recipient.