Beedle - Oracle free perpetual lending

Summary

The function giveLoan accepts two input arrays: loanIds and poolIds. The function processes these arrays in a loop, assuming each loanId corresponds to a poolId at the same index. However, there's no check to ensure the two arrays have the same length.

Vulnerability Details

In the function, there are two input arrays - loanIds and poolIds. The function then enters a loop where it processes loans by pairing each loan ID with a corresponding pool ID, using their index in the respective arrays:

This method assumes that the loanIds and poolIds arrays have the same length, meaning each loanId has a corresponding poolId. However, the function doesn't actually check whether this assumption is true.

If the loanIds array is longer than the poolIds array, then the loop would still continue, but when it tries to access an index of poolIds that doesn't exist (because it has fewer elements), it would result in an out-of-bounds error, causing the transaction to fail.

On the other hand, if the poolIds array is longer than the loanIds array, the extra poolIds would simply be ignored because the loop only runs for the length of the loanIds array.

Impact

Transaction Failures: If the loanIds array is longer than poolIds, the function would try to access an out-of-bounds index in the poolIds array, causing an error and making the transaction revert. This would disrupt the expected operation of the contract and might cause the users to lose the gas fees associated with the transaction.

Inaccurate Contract State: If the loanIds array is shorter than poolIds, the function would ignore any extra poolIds. This would not cause the transaction to fail, but it might lead to an inaccurate or inconsistent state in the contract because some intended operations were not performed.

Tools Used

Manual

Recommendations

Validate Input Lengths: Add a requirement at the start of the function to ensure that the lengths of the loanIds and poolIds arrays are equal.