Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Lender.giveLoan increases amount that user should pay

rvierdiiev

Summary

Lender.giveLoan increases amount that user should pay

Vulnerability Details

Lender.giveLoan function allows lender to give his loan to another lender.
In this process new debt becomes previous debt + interests.

This can seem ok, as borrower should compensate funds that new loaner paid, but it actually not good, because now not only debt amount is accruing interest, but debt + interests.

Example.
I have debt for 1000$ with interest 5% a month. So should repay 1100 in 2 months. And after 1 month my lender gives my loan to another lender with same 5% interest rate. totalDebt is 1050$ now(as 1 month already gone). After 1 more month i want to repay my debt and i expect to pay 1100.

Also lender can give loan to himself and in such way increase debt for user.

Impact

Borrower will pay more funds.

Tools Used

VsCode

Recommendations

Accrued interest from previous debt should not be added to the debt and accrue interests. They can be stored to additional variable to be repaid.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!