Beedle - Oracle free perpetual lending
BeedleFi
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: high

Lender.sol#setPool() - Passing in a fraudulent loan token can lead to a loss of funds for the borrower

0xdeth

Summary

Passing in a fraudulent loan token can lead to a loss of funds for the borrower.

Vulnerability Details

Since tokens aren't vetted, a lender can pass in any address for loanToken.

Let's take the following scenario:
Lizzy - Lender (malicious)
Bob - Borrower

Lizzy creates a fraudulent WETH token (FWETH = Fake WETH). It will have the same symbol, name and decimals as the real WETH. FWETH doesn't even have to implement any malicious code it just has to look like the real WETH token.
Lizzy creates a pool where she loans out her FWETH for real USDC.
Bob, an unsuspecting user, trades his USDC for FWETH. Bob thinks he just got WETH, but in fact he got FWETH which just mirrors the real token. Since the tokens aren't the same Bob is now holding a useless token which he can't use.

Impact

Unsuspecting users can trade real tokens for fake ones, without realizing it.

Tools Used

Manual review

Recommendations

Create whitelist/blacklist for token addresses where tokens can be vetted.

mapping(address => bool) isTokenAllowed;
...
function setPool(Pool calldata p) public returns (bytes32 poolId) {
// validate the pool
if (
// Add the check here or something similiar
isTokenAllowed[p.loanToken] ||
p.lender != msg.sender ||
p.minLoanSize == 0 ||
p.maxLoanRatio == 0 ||
p.auctionLength == 0 ||
p.auctionLength > MAX_AUCTION_LENGTH ||
p.interestRate > MAX_INTEREST_RATE
) revert PoolConfig();
...
}

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!