Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Borrower can initiate refinance for loans that are under auction

ravikiranweb3

Summary

Borrower can initiate refinance for loans held while lender initiates an auction and it active. These are two separate processes initiated by two parties leading to a weird state based on the order of execution.

Vulnerability Details

Borrower can initiate refinance to move the loan to a different pool by specifying the pool id.
Like wise, the lender can also initiate Auction process creating opportunity for other lenders to acquire the loan.
Since both these processes are imitated by two different parties, there is a potential for conflict based on order of execution resulting in state being updated to weird state.

Impact

State can potentially be updated to a weird state.

Tools Used

Manual review

Recommendations

If the auction has started by the lender, then refinance invoked by the borrower should revert.
Implement a check in the refinance function to ensure auction is not initiated. If not initiated, the borrower can process the refinance.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.