Submission Details
Severity: high

There is no minimum value set for auctionLength

Summary

The absence of a minimum value set for auctionLength could potentially lead to financial losses for the borrower.

Vulnerability Details

The value of auctionLength is the duration of an auction. The contract checks whether auctionLength is equal to 0 or greater than MAX_AUCTION_LENGTH, but it does not enforce a minimum value. A malicious lender can use this gap against the borrower. For instance, if the lender sets auctionLength to an extremely small value like 1 second, the auction will conclude after just 1 second. This leaves no time for other lenders to participate and purchase the loan, enabling the lender to liquidate the borrower's assets directly. If the borrower overlooks this value, it could result in significant asset loss.

function startAuction(uint256[] calldata loanIds) public {
    for (uint256 i = 0; i < loanIds.length; i++) {
        uint256 loanId = loanIds[i];
        // get the loan info
        Loan memory loan = loans[loanId];
        // validate the loan
        if (msg.sender != loan.lender) revert Unauthorized();
        if (loan.auctionStartTimestamp != type(uint256).max)
            revert AuctionStarted();
        // set the auction start timestamp
        loans[loanId].auctionStartTimestamp = block.timestamp;
        emit AuctionStart(
            loan.borrower,
            loan.lender,
            loanId,
            loan.debt,
            loan.collateral,
            block.timestamp,
            loan.auctionLength
        );
    }
}

Impact

This will unconditionally lead to the liquidation of the borrower, causing financial damage to the borrower's funds.

Tools Used

vscode

Recommendations

Consider setting a minimum value for auctionLength.
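
One way to apply this recommendation, shown as an added example that is not code from the audited contract or from the submission. Only auctionLength and MAX_AUCTION_LENGTH come from the report; the contract name, MIN_AUCTION_LENGTH, both constant values, the errors and the two functions are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

/// Illustration only. Every name except auctionLength and
/// MAX_AUCTION_LENGTH is hypothetical.
contract AuctionLengthBounds {
    // Assumed limits; the protocol's real values are not shown in the report.
    uint256 public constant MIN_AUCTION_LENGTH = 1 hours;
    uint256 public constant MAX_AUCTION_LENGTH = 3 days;

    error AuctionLengthOutOfRange(uint256 given, uint256 min, uint256 max);
    error AuctionTooShortForBorrower(uint256 offered, uint256 required);

    // lender => auction length the lender configured
    mapping(address => uint256) public auctionLengthOf;

    /// Lender side: reject any length outside [MIN, MAX].
    /// A non-zero lower bound also covers the existing "== 0" check.
    function setAuctionLength(uint256 auctionLength) external {
        if (
            auctionLength < MIN_AUCTION_LENGTH ||
            auctionLength > MAX_AUCTION_LENGTH
        ) {
            revert AuctionLengthOutOfRange(
                auctionLength, MIN_AUCTION_LENGTH, MAX_AUCTION_LENGTH
            );
        }
        auctionLengthOf[msg.sender] = auctionLength;
    }

    /// Borrower side: the borrower states the shortest auction they accept,
    /// so a short value cannot be overlooked when taking the loan.
    function checkBorrowTerms(address lender, uint256 minAcceptedLength)
        external
        view
        returns (uint256 offered)
    {
        offered = auctionLengthOf[lender];
        if (offered < minAcceptedLength) {
            revert AuctionTooShortForBorrower(offered, minAcceptedLength);
        }
    }
}
```

With the lower bound in place, a 1 second auctionLength reverts when it is configured, before any loan can reference it.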
