Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Check whether the value of `outstandingLoans` has been modified, which could potentially lead to a transaction revert

0x9527

Summary

Check whether the value of outstandingLoans has been modified, which could potentially lead to a transaction revert

Vulnerability Details

1.user retrieve pool information like outstandingLoans from blockchain storage when modify pool balance.
2.user invoke setPool function use the above pool information.

But between step1 and step2 outstandingLoans may have changed due to actions such as repay.The whole transaction will be revert since:

// you can't change the outstanding loans

if (p.outstandingLoans != pools[poolId].outstandingLoans)

revert PoolConfig();

Impact

whole create new pool or modify pool balance transaction revert because of outstandingLoans been modified by repay or other action.

Tools Used

manual

Recommendations

As outstandingLoans cannot be modified directly, we can set p.outstandingLoans to the current correct data directly.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!