Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Malicious lender can withdraw tokens and break the protocol

ravikiranweb3

Summary

A malicious lender can reconfigure his pool by setting the new pool balance to be greater the earlier balance
and claim a larger deposit than actual

Vulnerability Details

Using the setPool() function on lending contract, the owner of a pool can reconfigure the pool.

As a malicious lender, the lender sets the new configuration for poolBalance to be greater than current balance.

Because of this, the lender contract will try to transfer the difference from the lender's account to the contract. But, since transferFrom is called and return value is ignored, while the underlying transfer fails,
the new setup for the pool is saved into the state of the contract.

As a result the lender holder larger number of ERC20 tokens that actually deposited.

Impact

Bypassing the lender contract logic to record more token lent to the protocol than actual, hence breaks the accounting system of the lender contract.

By doing this, the protocol will not have tokens that lender provided to it.

Tools Used

Manual Review

Recommendations

Use safeTransfer utility from openzeppelin

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.