Submission Details
Severity: high

Ignoring return values for transfer and transferFrom breaks the accounting system of the protocol

Summary

The protocol's accounting system is broken because the return values of the transfer and transferFrom functions are not checked.

Vulnerability Details

transfer and transferFrom return a bool to the caller to indicate whether the transfer succeeded or failed.
Because a failed transfer does not revert, calling logic that ignores the return value and goes on to account for the transfer
leaves the protocol's accounting out of sync with its actual token balances, which breaks the accounting system.

Impact

A broken accounting system, leading to insolvency for the protocol as well as loss of user funds.

Tools Used

Manual transfer

Recommendations

Check the return values of transfer and transferFrom and revert in case of failure.
It would be better to use the safe transfer utility from OpenZeppelin.
