Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Front-running Vulnerability in Borrower's Loan Creation Process

0xanjan143

Summary

context: lender.sol

Lenders have the ability to create pools with specific loan parameters such as loan token, collateral token, interest
rate, and auction length. Borrowers can then select a pool that meets their loan conditions based on interest rate and
auction length, and create a loan according to the pool's details.

For instance, Alice, a lender, creates a pool with low interest and a 2-day auction length. Bob, a borrower seeking
loans with low interest, chooses Alice's pool to take a loan due to her attractive interest rate.

Vulnerability Details

The vulnerability is present in the lending.Borrow(), lending.giveLoan(), and lending.buyLoan() functions.

When Bob calls these functions with a particular poolId, a loan is created based on the provided poolId, using the
pool's interestRate and auctionLength.

Loan memory loan = Loan({
            lender: pool.lender,
            borrower: msg.sender,
            loanToken: pool.loanToken,
            collateralToken: pool.collateralToken,
            debt: debt,
            collateral: collateral,
            interestRate: pool.interestRate,
            startTimestamp: block.timestamp,
            auctionStartTimestamp: type(uint256).max,
            auctionLength: pool.auctionLength
        });

Exploitation Scenario:

Alice, who is monitoring the mempool, identifies her poolId. She proceeds to front-run Bob's transaction and exploits the
vulnerability by updating the interestRate to its maximum value and setting auctionLength to 0 using the functions
lender.updateInterestRate() or lender.setPool(). This manipulation results in Bob being subjected to significantly higher
interest rates and an auction length of 0, leaving him no chance to participate in the auction and potentially leading to
early liquidation of his loan.

Impact

This front-running vulnerability exposes borrowers to the risk of severe financial losses.They may end up paying
exorbitant interest rates or experiencing early liquidation of their loan without their knowledge, as the auction length
is set to 0, denying them the opportunity to participate in the auction.

Tools Used

Manual

Recommendations

To address this critical vulnerability and protect borrowers' funds, the following measures are recommended:

1.Input Validation in Borrow Struct: Take interestRate and auctionLength as input parameters in the Borrow struct during
the loan creation process. Ensure proper validation of these parameters to prevent malicious manipulation.

2.Comparison with Pool Parameters: Compare the interestRate and auctionLength provided by the borrower in the Borrow
struct with the corresponding values stored in the pool. Only proceed with loan creation if the borrower's parameters
align with the pool's predefined parameters.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.