Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Malicious lender can grief users' transactions changing the minLoanSize/maxLoanRation/poolBalance values

qbs

Summary

Malicious lender can grief users' transactions changing the minLoanSize/maxLoanRation/poolBalance values.

Vulnerability Details

Malicious lenders can create a pool with a very beneficial loan ratio. As users request a loan by calling the borrow function, the lender can frontrun it and:

Change the maxLoanRation for a smaller value than the calculated loanRatio
Change the minLoanSize by calling the setPool function for a bigger value than the user would like to borrow
Decrease the pool balance.

In these situations, the user's transaction will revert.

Impact

User's gas griefing and potential loss of trust in the protocol, as users may experience transaction failures and doubt the reliability of the protocol.

Tools Used

Manual review

Recommendations

Consider implementing a delay for changing those values.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.