20,000 USDC
Submission Details
Severity: high
Valid

No Precision Scaling

Summary

The contract's calculations assume that both the debt and collateral variables are denominated in tokens with the same number of decimals.

Vulnerability Details

Let's look at an example.

The borrow function in the given contract calculates a loanRatio to determine the risk associated with a loan based on the debt and collateral provided.

uint256 loanRatio = (debt * 10 ** 18) / collateral;

In scenarios where debt and collateral are tokens with different decimal precision, such as DAI (18 decimals) and USDC (6 decimals), the loanRatio can result in incorrect risk management as it is used to enforce the maximum loan-to-value ratio:

if (loanRatio > pool.maxLoanRatio) revert RatioTooHigh();

Impact

This can lead to loans with a higher actual ratio than intended, exposing lenders to higher default risks.

Tools Used

Manual analysis

Recommendations

When combining amounts of multiple tokens that may have different precision, convert all of the amounts into the same precision before any computation.
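
One way to apply this recommendation, as an added example that is not code from the audited contract: both amounts are scaled to 18 decimals before the ratio is computed. The names IERC20Decimals, LoanRatioLib, toWad and loanRatio are hypothetical, and the sketch assumes both tokens expose decimals() and use at most 18 decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example: hypothetical helper, not part of the audited code base.
interface IERC20Decimals {
    function decimals() external view returns (uint8);
}

library LoanRatioLib {
    uint256 internal constant WAD = 1e18;

    error UnsupportedDecimals(uint8 tokenDecimals);
    error ZeroCollateral();

    /// Scale a raw token amount to 18-decimal fixed point.
    function toWad(uint256 amount, uint8 tokenDecimals) internal pure returns (uint256) {
        // Tokens with more than 18 decimals would need scaling down; reject
        // them here rather than silently losing precision.
        if (tokenDecimals > 18) revert UnsupportedDecimals(tokenDecimals);
        return amount * uint256(10) ** (18 - tokenDecimals);
    }

    /// Same formula as the report's loanRatio, but with both sides normalised.
    ///
    /// Raw formula, (debt * 10 ** 18) / collateral, on mismatched tokens:
    ///   100 DAI debt (100e18) vs 100 USDC collateral (100e6)  -> 1e30
    ///   100 USDC debt (100e6) vs 100 DAI collateral (100e18)  -> 1e6
    /// Normalised, both cases give 1e18 (a 1:1 ratio in token units).
    /// This only corrects decimals; it does not price one token in the other.
    function loanRatio(
        uint256 debt,
        address loanToken,
        uint256 collateral,
        address collateralToken
    ) internal view returns (uint256) {
        if (collateral == 0) revert ZeroCollateral();
        uint256 debtWad = toWad(debt, IERC20Decimals(loanToken).decimals());
        uint256 collateralWad = toWad(collateral, IERC20Decimals(collateralToken).decimals());
        return (debtWad * WAD) / collateralWad;
    }
}
```

The result can then be compared against pool.maxLoanRatio exactly as in the original check, since both sides of the division are now on the same scale.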
