Beedle - Oracle free perpetual lending

Summary

The buyLoan function in Lender.sol allows anyone to call it without verifying if the caller has an existing pool with tokens, as indicated in the comment. This lack of implementation for checking the pool ownership results in potential misuse of the function by unauthorized callers. The absence of a proper pool ownership check undermines the intended security of the protocol.

Vulnerability Details

The buyLoan function is designed to be called by anyone. However, there is no validation or check in place to ensure that the caller has an existing pool with tokens. As a result, any address, whether they have a pool or not, can invoke the function without restriction.

Impact

This vulnerability could lead to several negative consequences:

Unauthorized Access: Any address, including those without a pool, can attempt to execute the function. This can result in unauthorized access to loan refinance auctions and interfere with the normal operation of the lending protocol.

Unintended Behavior: Calls from addresses without pools could lead to unintended or erroneous updates to the loan and pool data, potentially causing inconsistencies and disrupting the overall functioning of the protocol.

Loss of Funds: If a caller without a pool successfully calls the buyLoan function, they may interact with loan funds and tokens held in the protocol's contract. This unauthorized access can result in loss of funds or collateral for the protocol and legitimate pool holders.

Tools Used

Manual Review

Recommendations

Implement a check in the buyLoan function to ensure that only callers with an existing pool can participate in the loan refinance auctions. This check should verify the pool ownership of the caller before allowing them to proceed with the function execution.