20,000 USDC
Submission Details
Severity: high

Loan[] array

Summary

The loans array is a public state variable in the contract that isn't initialized.
Issues:
-> Uninitialized storage variables can unexpectedly point to other local storage variables in the contract, leading to potential data manipulation.
-> If the array is accessed before being initialized, it could lead to unpredictable behavior, as it might contain random data.
-> The variable is also public, making it visible and accessible to other contracts. This could leave it open to misuse or abuse.

Vulnerability Details

Loan[] public loans; should be changed to Loan[] private loans = new Loan[](0);

Impact

loans is initialized as an empty array and its visibility is set to private. This ensures that the state variable is only accessible within the contract, helping to prevent unauthorized access or manipulation.

Tools Used

Olympix

Recommendations
