Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

External calls to ERC20 tokens in an unbounded for loop can cause DOS

kamuik16

Summary

Occurrence of various external calls to IERC20 inside an unbounded for-loop.

Vulnerability Details

External calls to IERC20 within an unbounded for-loop creates a possible DOS attack. In this case, the functions 'refinance', 'seizeLoan', 'startAuction', 'giveLoan', 'repay', and 'borrow' contain this vulnerability. An attacker could exploit this by creating conditions where the for-loop continues indefinitely, causing the smart contract to exhaust its gas limit.

Impact

Legitimate interactions with the contract—like refinancing loans, seizing loans, starting auctions, giving loans, repaying loans, and borrowing—could be blocked if exploited.

Tools Used

VS Code
Hardhat
Manual Review

Recommendations

Consider limiting the number of iterations in for-loops that make external calls.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.