20,000 USDC
Submission Details
Severity: medium
Valid

A lender can restart a loan's auction period by calling giveLoan

Summary

giveLoan() allows lenders to reset the auctionStartTimestamp of a loan even though this is not an intended privilege of theirs.

Vulnerability Details

Lender.sol's giveLoan() allows a pool lender to give a loan to the very pool that is holding it at that point in time, as there is no explicit check disallowing it. This is a vulnerability because the lender can now change how auctions work, instead of an auction being started once and not changed after that.

// @audit The auctionStartTimestamp gets re-written
loans[loanId].auctionStartTimestamp = type(uint256).max;

The only cost the lender needs to pay for this action is the protocolFee, which gets cut from the loan's accrued interest.

Impact

It gives lenders an unintended privilege, which enables them to have more control over the loans they are lenders for.

Tools Used

Manual Review

Recommendations

Consider adding a check to giveLoan() that disables such behavior by not allowing the lender to give a loan to the same pool it originates from.

if (poolId == loan.poolId) revert CannotGiveLoanToSamePool();
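
The reset and the recommended guard, side by side in a simplified model. This is an added example, not code from Lender.sol: the contract name, struct layout, function signatures and the enforceSamePoolCheck flag are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model written for this example; not Lender.sol itself.
// Struct layout, signatures and the constructor flag are assumptions.
contract GiveLoanModel {
    struct Loan {
        address lender;
        bytes32 poolId;
        uint256 auctionStartTimestamp; // type(uint256).max = no auction running
    }

    error Unauthorized();
    error CannotGiveLoanToSamePool();

    Loan[] public loans;
    // false = behavior described in the finding, true = recommended fix
    bool public immutable enforceSamePoolCheck;

    constructor(bool _enforce) {
        enforceSamePoolCheck = _enforce;
    }

    function openLoan(bytes32 poolId) external returns (uint256 loanId) {
        loans.push(Loan(msg.sender, poolId, type(uint256).max));
        return loans.length - 1;
    }

    function startAuction(uint256 loanId) external {
        Loan storage loan = loans[loanId];
        if (msg.sender != loan.lender) revert Unauthorized();
        loan.auctionStartTimestamp = block.timestamp;
    }

    // Moves the loan to `poolId`. Without the guard, passing the loan's
    // current pool is accepted and the running auction is cleared.
    function giveLoan(uint256 loanId, bytes32 poolId) external {
        Loan storage loan = loans[loanId];
        if (msg.sender != loan.lender) revert Unauthorized();
        if (enforceSamePoolCheck && poolId == loan.poolId) {
            revert CannotGiveLoanToSamePool();
        }
        loan.poolId = poolId;
        loan.auctionStartTimestamp = type(uint256).max; // auction state reset
    }
}
```

Deployed with the flag set to false, calling startAuction and then giveLoan with the loan's own poolId leaves auctionStartTimestamp back at type(uint256).max; with the flag set to true the same call reverts and the timestamp is preserved.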
