Lender.repay() does not check loanIds array
In Lender.sol, repay() does not check the loanIds array to ensure that it contains valid loan IDs. This means that a malicious user could call the function with an invalid loan ID, which could cause the function to fail.
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Lender.sol#L292-L345
Assume the loanIds array has 4 IDs. Let's say that the malicious user knows that there is no loan with a loan ID of 5. If the malicious user calls repay() with this array of loan IDs, the function will fail because it will try to repay a loan that does not exist. This could have a number of negative consequences, such as preventing the borrower from repaying their loan, or causing the pool to lose money.
Manual Review
Add require(loanID < loans.length, "Invalid loan ID"). It will check each loan ID in the array to ensure that it is less than the length of the loans array.
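The recommended check placed inside a batch repay loop, as an added example that is not the Beedle source: the contract name, the Loan fields, the openLoan() helper and the Repaid event are assumptions for illustration, and the token transfers of the real repay() are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: simplified stand-in for Lender.sol, not the project's code.
// BatchRepayExample, the Loan fields, openLoan() and Repaid are hypothetical.
contract BatchRepayExample {
    struct Loan {
        address borrower;
        uint256 debt;
    }

    Loan[] public loans;

    event Repaid(uint256 indexed loanId, address indexed payer, uint256 amount);

    // Helper so the example has loans to repay.
    function openLoan(uint256 debt) external returns (uint256 loanId) {
        loans.push(Loan({borrower: msg.sender, debt: debt}));
        return loans.length - 1;
    }

    function repay(uint256[] calldata loanIds) external {
        uint256 count = loans.length;
        for (uint256 i = 0; i < loanIds.length; i++) {
            uint256 loanId = loanIds[i];

            // Recommended check: reject IDs outside the loans array with a
            // descriptive reason before the element is read. Without it,
            // the built-in bounds check of Solidity 0.8 on loans[loanId]
            // reverts with Panic(0x32) and no message.
            require(loanId < count, "Invalid loan ID");

            Loan storage loan = loans[loanId];
            uint256 amount = loan.debt;
            loan.debt = 0; // token transfers omitted in this sketch
            emit Repaid(loanId, msg.sender, amount);
        }
        // A failed require reverts the whole call, so repayments made in
        // earlier iterations of the same batch are rolled back as well.
    }
}
```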