buyLoan() does not check that the lender of the pool used to buy the loan is msg.sender.
A malicious user can do the following:
1. A (the malicious user) creates a pool.
2. B (A's alternate account) borrows from A's pool.
3. A immediately calls startAuction() on B's loan.
4. A calls buyLoan() using C's pool, which A does not own.
5. After this, pools[C's pool].poolBalance decreases and pools[A's pool].poolBalance increases.
6. A calls removeFromPool() and takes the profit.
Moreover, all of these steps can be executed in a single transaction.
Manual Review
Add the check `if (pools[poolId].lender != msg.sender) revert NotOwner();` to buyLoan().
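The recommended check in context, as an added illustrative Solidity model that is not the audited contract's code; the Pool and Loan structs, the loans mapping, the inAuction flag and the NotInAuction error are assumptions made for this sketch:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified model (not the audited contract): only the parts needed to show
// where the missing ownership check belongs in buyLoan().
contract LendingModel {
    struct Pool { address lender; uint256 poolBalance; }   // assumed shape
    struct Loan { bytes32 poolId; uint256 debt; bool inAuction; } // assumed shape

    error NotOwner();
    error NotInAuction(); // assumed error for the sketch

    mapping(bytes32 => Pool) public pools;
    mapping(uint256 => Loan) public loans;

    // Hardened buyLoan: the caller must be the lender of the pool whose
    // balance pays for the loan, so funds can only be spent from a pool
    // the caller actually owns.
    function buyLoan(uint256 loanId, bytes32 poolId) external {
        Loan storage loan = loans[loanId];
        if (!loan.inAuction) revert NotInAuction();

        // The check recommended by the finding.
        if (pools[poolId].lender != msg.sender) revert NotOwner();

        Pool storage buyer = pools[poolId];
        Pool storage seller = pools[loan.poolId];
        require(buyer.poolBalance >= loan.debt, "insufficient pool balance");

        // The buying pool pays the selling pool and takes over the loan.
        buyer.poolBalance -= loan.debt;
        seller.poolBalance += loan.debt;
        loan.poolId = poolId;
        loan.inAuction = false;
    }
}
```

Without the NotOwner() check, any caller could name a pool they do not own as poolId and have that pool's balance pay for the loan, which is the transfer of value the finding describes.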