20,000 USDC
Submission Details
Severity: high
Valid

refinance function contains a double accounting error

Summary

The refinance function in the Lender contract, which allows borrowers to refinance their loans, contains a double accounting error when updating the balances after a successful refinance.

Vulnerability Details

The refinance function erroneously updates the new lender's pool balance twice for the same loan debt.

For each refinance operation, the function validates the loan and the new lender's pool, calculates the new debt, updates the pool balances of both the old and the new lender, and transfers any necessary tokens.

// update the old lenders pool
_updatePoolBalance(oldPoolId, pools[oldPoolId].poolBalance + loan.debt + lenderInterest);
pools[oldPoolId].outstandingLoans -= loan.debt;
// now lets deduct our tokens from the new pool
_updatePoolBalance(poolId, pools[poolId].poolBalance - debt);
pools[poolId].outstandingLoans += debt;

During the refinancing process, the new lender's pool balance should be updated once to reflect the new loan debt.
However, near the end of the function, the new lender's pool balance is reduced by the same loan debt again. This results in the new lender's pool balance being deducted twice for the same debt, essentially double-counting the debt.

pools[poolId].poolBalance -= debt;
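
A conservation check makes the error visible: when no tokens enter or leave the contract, the sum of all pool balances must be the same before and after a refinance. The Python model below is an added example, not the Lender contract's code; the Pool class, the function names and the sample balances are constructed, and interest and fees are assumed to be zero with the loan refinanced for the same amount.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    pool_balance: int        # tokens the pool can still lend
    outstanding_loans: int   # principal currently lent out


def refinance(pools, old_id, new_id, loan_debt, double_deduct):
    """Model of the balance updates quoted above (constructed, simplified)."""
    debt = loan_debt  # assumption: zero interest/fees, same amount refinanced
    old, new = pools[old_id], pools[new_id]
    # update the old lender's pool
    old.pool_balance += loan_debt
    old.outstanding_loans -= loan_debt
    # deduct the tokens from the new pool
    new.pool_balance -= debt
    new.outstanding_loans += debt
    if double_deduct:
        # the extra statement near the end of the function
        new.pool_balance -= debt


def accounted_tokens(pools):
    """Tokens the contract's bookkeeping attributes to lenders."""
    return sum(p.pool_balance for p in pools.values())


def run(double_deduct):
    # Constructed scenario: old pool has lent out 100, new pool holds 500.
    pools = {"old": Pool(0, 100), "new": Pool(500, 0)}
    held = accounted_tokens(pools)  # tokens held by the contract up front
    refinance(pools, "old", "new", 100, double_deduct)
    # Nothing was transferred, so any gap is tokens no pool can claim.
    unaccounted = held - accounted_tokens(pools)
    return unaccounted, pools["new"].pool_balance


if __name__ == "__main__":
    print("as written :", run(double_deduct=True))
    print("single debit:", run(double_deduct=False))
```

With the extra deduction the new pool's recorded balance falls by twice the debt, and an amount equal to the debt stays in the contract without belonging to any pool.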

Impact

Severity: High. The new lender is charged double the amount of the actual loan debt.

Likelihood: High. The refinance function is a critical part of the protocol and is likely to be used frequently.

Tools Used

Manual analysis

Recommendations

The double accounting error can be rectified by removing the second update to the new lender's pool balance, so that the balance is reduced by the loan debt only once.
