Beedle - Oracle free perpetual lending
BeedleFi
DeFiFoundry
20,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Events may be emitted out of order due to reentrancy

codeslide

Summary

The check-effects-interactions pattern is not being followed as related to the emission of events.

Vulnerability Details

There are 24 instances of this issue.

View 24 Instances
File: src/Lender.sol
/// @audit transferFrom() on line 152 prior to emission of PoolBalanceUpdated() on line 165
165: emit PoolBalanceUpdated(poolId, p.poolBalance);
/// @audit transfer() on line 159 prior to emission of PoolBalanceUpdated() on line 165
165: emit PoolBalanceUpdated(poolId, p.poolBalance);
/// @audit transferFrom() on line 152 prior to emission of PoolCreated() on line 169
169: emit PoolCreated(poolId, p);
/// @audit transfer() on line 159 prior to emission of PoolCreated() on line 169
169: emit PoolCreated(poolId, p);
/// @audit transferFrom() on line 152 prior to emission of PoolUpdated() on line 172
172: emit PoolUpdated(poolId, p);
/// @audit transfer() on line 159 prior to emission of PoolUpdated() on line 172
172: emit PoolUpdated(poolId, p);
/// @audit transfer() on line 269 prior to emission of Borrowed() on line 277
277: emit Borrowed(
278: msg.sender,
279: pool.lender,
280: loans.length - 1,
281: debt,
282: collateral,
283: pool.interestRate,
284: block.timestamp
285: );
/// @audit transferFrom() on line 271 prior to emission of Borrowed() on line 277
277: emit Borrowed(
278: msg.sender,
279: pool.lender,
280: loans.length - 1,
281: debt,
282: collateral,
283: pool.interestRate,
284: block.timestamp
285: );
/// @audit transferFrom() on line 317 prior to emission of Repaid() on line 333
333: emit Repaid(
334: msg.sender,
335: loan.lender,
336: loanId,
337: loan.debt,
338: loan.collateral,
339: loan.interestRate,
340: loan.startTimestamp
341: );
/// @audit transferFrom() on line 323 prior to emission of Repaid() on line 333
333: emit Repaid(
334: msg.sender,
335: loan.lender,
336: loanId,
337: loan.debt,
338: loan.collateral,
339: loan.interestRate,
340: loan.startTimestamp
341: );
/// @audit transfer() on line 329 prior to emission of Repaid() on line 333
333: emit Repaid(
334: msg.sender,
335: loan.lender,
336: loanId,
337: loan.debt,
338: loan.collateral,
339: loan.interestRate,
340: loan.startTimestamp
341: );
/// @audit transfer() on line 565 prior to emission of LoanSiezed() on line 577
577: emit LoanSiezed(
578: loan.borrower,
579: loan.lender,
580: loanId,
581: loan.collateral
582: );
/// @audit transferFrom() on line 642 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transfer() on line 651 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transfer() on line 653 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transfer() on line 656 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transferFrom() on line 663 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transfer() on line 670 prior to emission of Repaid() on line 676
676: emit Repaid(
677: msg.sender,
678: loan.lender,
679: loanId,
680: debt,
681: collateral,
682: loan.interestRate,
683: loan.startTimestamp
684: );
/// @audit transferFrom() on line 642 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
/// @audit transfer() on line 651 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
/// @audit transfer() on line 653 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
/// @audit transfer() on line 656 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
/// @audit transferFrom() on line 663 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
/// @audit transfer() on line 670 prior to emission of Borrowed() on line 699
699: emit Borrowed(
700: msg.sender,
701: pool.lender,
702: loanId,
703: debt,
704: collateral,
705: pool.interestRate,
706: block.timestamp
707: );
File Link Instance Count Instance Links
Lender.sol 24 165,165,169,169,172,172,277,277,333,333,333,577,676,676,676,676,676,676,699,699,699,699,699,699

Impact

Events may be emitted out of order due to reentrancy.

Tools Used

baudit: a custom static code analysis tool; manual review

Recommendations

Ensure that events follow the check-effects-interactions pattern, and are emitted before external calls.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.