20,000 USDC
Submission Details
Severity: high
Valid

The loan ratio formula breaks if tokens do not have 18 decimals which leads to loss of funds or DoS

Summary

The loan ratio calculation assumes that every token has 18 decimals. This does not always hold, and when it does not the system can break in different ways, for example DoS or loss of funds.

Vulnerability Details

There are tokens with more or less than 18 decimals, which would break the formula.

The loan ratio formula used multiple times inside Lender.sol:

uint256 loanRatio = (debt * 10 ** 18) / collateral;
if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();

Impact

Loss of funds through loans taken out at an unfair loan ratio, or DoS because the loan ratio is always bigger than 100%.

Tools Used

Manual Review, Foundry, VSCode

Recommendations

Update the formula so that it works for tokens with different precision. The optional decimals function of ERC20 tokens could come in handy for this.
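The effect of the 18-decimals assumption, and of normalizing by each token's decimals, can be checked with a small integer model. This is an added example, not code from Lender.sol or from the submission: the loan amounts, the 100% maxLoanRatio and the ratio_normalized helper are assumptions made for illustration, and the normalization shown is one possible way to follow the recommendation.

```python
# Model of the loan ratio check with Python ints standing in for uint256.
WAD = 10 ** 18            # scale the page's formula hard-codes
MAX_LOAN_RATIO = WAD      # constructed pool.maxLoanRatio: 100%


def units(whole_tokens: int, decimals: int) -> int:
    """Raw on-chain amount for a whole-token quantity."""
    return whole_tokens * 10 ** decimals


def ratio_as_on_page(debt: int, collateral: int) -> int:
    """(debt * 10 ** 18) / collateral, applied to raw amounts."""
    return debt * WAD // collateral


def ratio_normalized(debt, debt_dec, collateral, coll_dec) -> int:
    """Assumed fix: cancel each token's own scale before comparing.

    Cross-multiplying avoids a lossy intermediate division and works for
    tokens with fewer or more than 18 decimals.
    """
    return debt * WAD * 10 ** coll_dec // (collateral * 10 ** debt_dec)


def would_revert(loan_ratio: int) -> bool:
    """Mirror of: if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();"""
    return loan_ratio > MAX_LOAN_RATIO


def scenarios():
    """(label, ratio per page formula, normalized ratio) for constructed loans."""
    rows = []
    for label, d_tok, d_dec, c_tok, c_dec in [
        ("18/18 baseline: borrow 50 vs 100", 50, 18, 100, 18),
        ("18-dec debt, 6-dec collateral: borrow 50 vs 100", 50, 18, 100, 6),
        ("6-dec debt, 18-dec collateral: borrow 1000 vs 1", 1000, 6, 1, 18),
    ]:
        debt, coll = units(d_tok, d_dec), units(c_tok, c_dec)
        rows.append((label, ratio_as_on_page(debt, coll),
                     ratio_normalized(debt, d_dec, coll, c_dec)))
    return rows


if __name__ == "__main__":
    for label, naive, fixed in scenarios():
        print(f"{label}\n  page formula: {naive} revert={would_revert(naive)}"
              f"\n  normalized:   {fixed} revert={would_revert(fixed)}")
```

Python integers do not overflow, so a Solidity port of the normalized form has to account for uint256 limits on the larger intermediate product.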
