20,000 USDC
Submission Details
Severity: high

No access control in Lender.setPool()

Summary

No access control in Lender.setPool()

Vulnerability Details

In Lender.sol, setPool() does not check the caller's permission to update the pool balance. This means that any user could call the function, even if they are not the lender. https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L130-L176

Proof of Concept

For example, let's say that a malicious user calls the setPool function with a new pool balance of 0. This would effectively drain the pool of all loan tokens. The p.lender != msg.sender check only applies to the poolBalance field. This means that a malicious user could still call the setPool function with a new value for the outstandingLoans field, even if they are not the lender.

Tools Used

Manual Review

Recommendations

Add require(msg.sender == pools[poolId].lender, "Only the lender can update the pool balance");
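
The recommended check in context, as an added example that is not taken from Beedle's Lender.sol: a simplified registry where the guard runs before any storage write so it covers both poolBalance and outstandingLoans, plus a self-contained regression check. The contract names, createPool(), the bytes32 pool id and the three-field Pool layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified registry for illustration; NOT Beedle's Lender.sol.
contract PoolRegistry {
    struct Pool {
        address lender;
        uint256 poolBalance;
        uint256 outstandingLoans;
    }

    mapping(bytes32 => Pool) public pools;

    // Hypothetical helper: the caller becomes the lender of a fresh pool.
    function createPool(bytes32 poolId, uint256 balance) external {
        require(pools[poolId].lender == address(0), "Pool exists");
        pools[poolId] = Pool(msg.sender, balance, 0);
    }

    function setPool(bytes32 poolId, uint256 poolBalance, uint256 outstandingLoans) external {
        // Guard runs before any storage write, so it covers every field.
        // An unknown poolId has lender == address(0) and is rejected too.
        require(msg.sender == pools[poolId].lender, "Only the lender can update the pool balance");
        Pool storage p = pools[poolId];
        p.poolBalance = poolBalance;
        p.outstandingLoans = outstandingLoans;
    }
}

// Regression check: a non-lender caller must be rejected and state left unchanged.
contract AccessControlCheck {
    function run() external returns (bool ok) {
        PoolRegistry r = new PoolRegistry();
        bytes32 id = keccak256("constructed-pool"); // constructed sample id
        r.createPool(id, 100);                      // this contract is the lender
        Outsider o = new Outsider();
        bool rejected = o.trySet(r, id);            // call arrives with a different msg.sender
        (, uint256 bal, uint256 loans) = r.pools(id);
        ok = rejected && bal == 100 && loans == 0;
    }
}

contract Outsider {
    function trySet(PoolRegistry r, bytes32 id) external returns (bool rejected) {
        try r.setPool(id, 0, 0) { rejected = false; } catch { rejected = true; }
    }
}
```

AccessControlCheck.run() returns true only when the outsider's call reverts and both fields keep their original values.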
