20,000 USDC
Submission Details
Severity: low
Valid

Loan can be seized during an auction

Summary

Loans can be seized before the end of their auction.

Vulnerability Details

The seizeLoan function allows users to seize a loan if its auction has failed. An if statement reverts the transaction when someone attempts to seize a loan before the end of its auction. However, that check does not revert when block.timestamp is exactly equal to the end of the auction, so the seizure goes through.

This may seem intended, but buyLoan shows that an auction is considered active until block.timestamp passes its end time.

Impact

If a user who wants to buy a loan is back-run in a block whose timestamp matches the end of the auction, he can end up buying a loan that is then seized by a malicious actor.

Tools Used

Manual review

Recommendations

Correct the check in seizeLoan to:

if (block.timestamp <= loan.auctionStartTimestamp + loan.auctionLength) revert AuctionNotEnded();
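
The boundary mismatch can be checked with a small model of the two time checks. This is an added example, not the contract's code: the Loan class, run_block, overlap, the sample timestamps and the strict '<' in the unpatched seizeLoan check are assumptions inferred from the description and the recommendation above.

```python
from dataclasses import dataclass
from typing import Optional

class Revert(Exception):
    """Stands in for a Solidity custom-error revert."""

@dataclass
class Loan:
    auction_start: int = 1_000          # models loan.auctionStartTimestamp (constructed value)
    auction_length: int = 600           # models loan.auctionLength (constructed value)
    lender: str = "old_lender"
    seized_by: Optional[str] = None

    @property
    def auction_end(self) -> int:
        return self.auction_start + self.auction_length

def buy_loan(loan: Loan, now: int, buyer: str) -> None:
    # Assumed from the report: the auction stays active until `now` passes its end.
    if now > loan.auction_end:
        raise Revert("AuctionEnded")
    loan.lender = buyer

def seize_loan(loan: Loan, now: int, caller: str, patched: bool) -> None:
    # Unpatched: strict '<' (assumed), so now == auction_end is not rejected.
    # Patched: the report's recommended '<=', which also rejects now == auction_end.
    too_early = now <= loan.auction_end if patched else now < loan.auction_end
    if too_early:
        raise Revert("AuctionNotEnded")
    loan.seized_by = caller

def run_block(now: int, patched: bool):
    """One block at timestamp `now`: a buy, then a seize ordered right after it."""
    loan, results = Loan(), []
    for step in (lambda: buy_loan(loan, now, "buyer"),
                 lambda: seize_loan(loan, now, "seizer", patched)):
        try:
            step()
            results.append("ok")
        except Revert as err:
            results.append(str(err))
    return results, loan.lender, loan.seized_by

def overlap(patched: bool):
    """Timestamps around the auction end at which both calls succeed in one block."""
    end = Loan().auction_end
    return [t for t in range(end - 2, end + 3) if run_block(t, patched)[0] == ["ok", "ok"]]

if __name__ == "__main__":
    print("unpatched overlap:", overlap(False))
    print("patched overlap:  ", overlap(True))
```

With the recommended check, every timestamp accepts exactly one of the two calls, so a purchase and a seizure can no longer land in the same block.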
