20,000 USDC
Submission Details
Severity: low
Valid

Missing zero input checks can lead to revenue loss

Summary

All 3 governance functions, setLenderFee, setBorrowerFee and setFeeReceiver, lack zero-input checks, which could lead to configuring both fees to 0 or the feeReceiver to address(0), thus losing revenue. Moreover, in Ownable.sol the function transferOwnership should also include an if statement to prevent an accidental transfer of ownership to the zero address. Such an ownership transfer would render the entire governance part of the contract useless.

Vulnerability Details

Lack of input validation can lead to the accidental setting of the lenderFee and borrowerFee to 0 and the feeReceiver and the contract owner to address(0).

Impact

Loss of revenue and loss of access to governance functions.

Tools Used

Manual review

Recommendations

Insert zero input checks in the following places:

In Lender.sol:
function setLenderFee(uint256 _fee) external onlyOwner {
if (_fee > 5000) revert FeeTooHigh();
+ if (_fee == 0) revert ZeroInput();
lenderFee = _fee;
}
function setBorrowerFee(uint256 _fee) external onlyOwner {
if (_fee > 500) revert FeeTooHigh();
+ if (_fee == 0) revert ZeroInput();
borrowerFee = _fee;
}
function setFeeReceiver(address _feeReceiver) external onlyOwner {
+ if (_feeReceiver == address(0)) revert ZeroInput();
feeReceiver = _feeReceiver;
}
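
Review bot: The _fee == 0 checks in setLenderFee and setBorrowerFee turn a zero fee from an allowed value into a permanently unreachable one, which is a policy decision rather than input validation, and they do not protect revenue against a near-zero value such as _fee = 1, which still passes. If governance should ever be able to run a fee-free period, drop those two lines and keep only the address(0) check in setFeeReceiver; if zero is meant to be forbidden, state the minimum fee explicitly in the setters' documentation next to the existing 5000 and 500 upper bounds.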

In Ownable.sol: (please take a look at OZ's implementation available at Link 3)

function transferOwnership(address _owner) public virtual onlyOwner {
+ if (_owner == address(0)) revert ZeroInput();
owner = _owner;
emit OwnershipTransferred(msg.sender, _owner);
}
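
Review bot: The address(0) check in transferOwnership only catches the zero address; any other mistyped _owner still takes effect immediately at owner = _owner, with the same loss of the onlyOwner functions. A two-step transfer, where the new owner must accept before owner is updated, would cover both cases. With this check in place the function can also no longer be used to give up ownership deliberately, so that should be documented if it is intended.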

In Errors.sol:

+ error ZeroInput();
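
Review bot: A single ZeroInput() error is raised for two fee setters and two address setters, so a caller or monitoring tool cannot tell from the revert which kind of argument was rejected. Consider separate errors for the fee case and the address case, or an error that carries the offending parameter, and add a comment on the declaration stating when it is thrown.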
