Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Fees.sol#sellProfits won't work if a pool with the hardcoded fee tier doesn't exist

0xasen

Summary

In function sellProfits() the fee tier is hardcoded as fee: 3000. However, there is no guarantee that a pool with that fee tier for WETH and the loan tokens will exist on the chain the contract is being deployed.

Vulnerability Details

More information about fee tiers can be found here but I'll quote the important part here:

"Medium Risk Pairs: 0.30%. The medium risk are considered any non-related pairs which have a high trading volume/popularity, Popular pairs tend to have a slightly lower risk in volatility.

High Risk Pairs: 1.00%. Any other exotic pairs will be considered high risk for liquidity providers and incur the highest trading fee of 1%."

It is not safe to assume that the trading pair of loanToken/WETH has high trading volume/popularity to be considered Medium risk and therefore will have 0.30% fee.

There is a chance that it will be considered High risk and the fee will be 1%(10000).

Impact

The sellProfits() function won't work.

Tools Used

Manual review

Recommendations

Pass the fee as a parameter or handle the cases in which the pool with 3000 fee does not exist.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!