20,000 USDC
Submission Details
Severity: medium

Centralization risks

Summary

Several contracts are Ownable and carry centralization risks.

Vulnerability Details

The owner of these contracts has privileges that can affect how the protocol works. For example, with the function below the owner can set the fee receiver to their own address, or to an address they control, and take fees away from the protocol:
function setFeeReceiver(address _feeReceiver) external onlyOwner {

The owner can also mint Beedle tokens to any address of their choosing:
function mint(address to, uint256 amount) external onlyOwner {

Impact

Medium: If ownership is lost or the owner goes rogue, they can steal fees, which renders the Staking contract useless. Admin-controlled functions expose the protocol to centralization risk. The documentation does not make clear whether ownership will be held by governance, but Lender.sol line 78 indicates that the contracts and onlyOwner functions are controlled by governance. If that is the case, this risk drops to a lower level.

Tools Used

Manual Analysis

Recommendations

It is recommended that contracts which need an owner have a governance contract or a multisig as that owner, and that the risks of Ownable contracts are well understood, documented, and communicated.
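One way to reduce the fee-receiver risk described above, as an added example that is not code from the Beedle repository. Only `setFeeReceiver` and `_feeReceiver` come from the finding; `FeeConfig`, `applyFeeReceiver`, the state variable names and the two-day delay are hypothetical, and the delay itself is an extra control beyond the governance or multisig ownership the finding recommends.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not Beedle code. Names other than setFeeReceiver are
// hypothetical. Two controls: the owner must be a contract (governance or
// multisig), and fee-receiver changes are announced and delayed.
contract FeeConfig {
    uint256 public constant DELAY = 2 days; // assumed review window

    address public owner;
    address public feeReceiver;
    address public pendingFeeReceiver;
    uint256 public pendingEta; // earliest time the pending change can apply

    event FeeReceiverProposed(address indexed newReceiver, uint256 eta);
    event FeeReceiverChanged(address indexed oldReceiver, address indexed newReceiver);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _owner, address _feeReceiver) {
        // Reject externally owned accounts: a deployed multisig or governance
        // contract has code, a plain key-controlled address does not.
        require(_owner.code.length > 0, "owner must be a contract");
        require(_feeReceiver != address(0), "zero receiver");
        owner = _owner;
        feeReceiver = _feeReceiver;
    }

    // Step 1: announce the change on-chain so stakers can react.
    function setFeeReceiver(address _feeReceiver) external onlyOwner {
        require(_feeReceiver != address(0), "zero receiver");
        pendingFeeReceiver = _feeReceiver;
        pendingEta = block.timestamp + DELAY;
        emit FeeReceiverProposed(_feeReceiver, pendingEta);
    }

    // Step 2: apply only after the delay has passed.
    function applyFeeReceiver() external onlyOwner {
        require(pendingEta != 0 && block.timestamp >= pendingEta, "too early");
        emit FeeReceiverChanged(feeReceiver, pendingFeeReceiver);
        feeReceiver = pendingFeeReceiver;
        pendingFeeReceiver = address(0);
        pendingEta = 0;
    }
}
```

The `code.length` check only proves the owner is a contract, not that it is a multisig or governance contract, so the owner address still has to be verified at deployment review.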
