Submission Details
Severity: high

A malicious lender can induce the borrower to pay more interest

Summary

A malicious lender can induce the borrower to pay more interest than he should by changing the loan token in the setPool() function.

Vulnerability Details

A malicious lender can set a new loan token via the setPool() function. This function doesn't check whether the new loan token is the same as the previous one. As a result, getPoolId() in the repay function will return a different hash.

bytes32 poolId = getPoolId(
    loan.lender,
    loan.loanToken,
    loan.collateralToken
);

As poolId refers to another pool, outstandingLoans will be zero, and the transaction will revert due to underflow:

pools[poolId].outstandingLoans -= loan.debt;

The lender can set the maximum interest rate and wait for some time. Then, they can change the loan token back and allow the borrower to repay their loan.

Impact

The borrower will have to pay more interest.

Tools Used

Manual Review

Recommendations

Don't allow the lender to change or loan token
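The following is an added Python model of the accounting described above, not code from the audited contract. It assumes setPool() re-keys the lender's pool record under the new token, uses sha256 as a stand-in for the on-chain hash, and assumes simple linear interest; the token names, amounts and the guard flag are constructed for illustration.

```python
import hashlib

YEAR, DAY = 365 * 86400, 86400

class Revert(Exception):
    """Models a reverted transaction."""

def get_pool_id(lender, loan_token, collateral_token):
    # Stand-in for getPoolId(): one id per (lender, loanToken, collateralToken).
    key = f"{lender}|{loan_token}|{collateral_token}".encode()
    return hashlib.sha256(key).hexdigest()

class LenderModel:
    def __init__(self, guard):
        self.pools = {}      # poolId -> outstandingLoans
        self.guard = guard   # hypothetical flag: apply the recommended check

    def set_pool(self, lender, old_token, new_token, collateral):
        old_id = get_pool_id(lender, old_token, collateral)
        if self.guard and new_token != old_token and old_id in self.pools:
            raise Revert("loan token of an existing pool cannot change")
        # Assumed behaviour: the record moves to the id of the new token.
        outstanding = self.pools.pop(old_id, 0)
        self.pools[get_pool_id(lender, new_token, collateral)] = outstanding

    def repay(self, loan, now):
        pool_id = get_pool_id(loan["lender"], loan["loanToken"], loan["collateralToken"])
        outstanding = self.pools.get(pool_id, 0)
        if outstanding < loan["debt"]:
            raise Revert("underflow in outstandingLoans -= debt")
        self.pools[pool_id] = outstanding - loan["debt"]
        return loan["debt"] * loan["rate_bps"] * (now - loan["start"]) // (10_000 * YEAR)

def scenario(guard):
    """Returns (repay_was_blocked, interest_paid) for a constructed loan."""
    c = LenderModel(guard)
    loan = {"lender": "L", "loanToken": "USDC", "collateralToken": "WETH",
            "debt": 1_000_000, "rate_bps": 1000, "start": 0}
    c.pools[get_pool_id("L", "USDC", "WETH")] = loan["debt"]
    try:
        c.set_pool("L", "USDC", "DAI", "WETH")      # lender swaps the loan token
    except Revert:
        return False, c.repay(loan, now=30 * DAY)   # guarded: repay on day 30
    try:
        c.repay(loan, now=30 * DAY)                 # borrower tries on day 30
        blocked = False
    except Revert:
        blocked = True
    c.set_pool("L", "DAI", "USDC", "WETH")          # lender restores the token
    return blocked, c.repay(loan, now=120 * DAY)    # repay succeeds on day 120
```

In the unguarded run the day-30 repayment reverts and the borrower pays interest for 120 days; with the check enabled the token change itself reverts and the day-30 repayment goes through.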
