Submission Details
Severity: high

Unchecked return value of transferFrom can cause loss of funds for protocol and users

Summary

Checking the return value of transfer and transferFrom is good practice because most tokens implement these functions differently.
We might assume that they revert on failure, but they might not.

Vulnerability Details

transfer and transferFrom are expected to return a boolean. But in the code, we assumed that a call
to these functions will either succeed or revert.
This might not be the case.
Some tokens return a boolean from these functions: true on success and false on failure.

Total instances: 24

Impact

-> Loss of funds for the contract and users
-> Incorrect accounting inside the platform

Tools Used

Manual Review, Perpetual Trading Tutorial

Recommendations

Carefully check the return values of these functions, and also check the balances of the contract or users to ensure that the tokens were transferred successfully.
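
The pattern described above and the recommended fix, side by side, as an added example that is not code from the audited protocol. The contract DepositExample, its functions and the credited mapping are hypothetical names. The hardened path goes slightly beyond the finding by also accepting tokens that return no data at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical vault, not the audited protocol's code.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DepositExample {
    IERC20 public immutable token;
    mapping(address => uint256) public credited; // internal accounting

    constructor(IERC20 token_) {
        token = token_;
    }

    // Vulnerable form: the returned bool is discarded. A token that returns
    // false instead of reverting moves nothing, yet the caller is credited.
    function depositUnchecked(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Hardened form: checks the call result, the returned bool and the
    // balance delta, and credits only what actually arrived.
    function depositChecked(uint256 amount) external {
        uint256 beforeBal = token.balanceOf(address(this));

        // Low-level call so tokens that return no data are handled too.
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeCall(IERC20.transferFrom, (msg.sender, address(this), amount))
        );
        require(ok, "transferFrom reverted");
        require(ret.length == 0 || abi.decode(ret, (bool)), "transferFrom returned false");

        // Balance check: the contract's balance must have grown.
        uint256 received = token.balanceOf(address(this)) - beforeBal;
        require(received > 0, "no tokens received");
        credited[msg.sender] += received;
    }
}
```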
