Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: high

Valid

Borrower needs to pay more interest than expected when a loan is bought or given to another pool

Juntao

Summary

Borrower needs to pay more interest than expected when a loan is bought or given to another pool.

Vulnerability Details

When a loan is bought or given to another pool, the accrued interest will be added to the loan's debt:

uint256 totalDebt = loan.debt + lenderInterest + protocolInterest;

loans[loanId].debt = totalDebt;

This is wrong because borrower then may need to pay more interest than expected.

Assuming borrower borrows 1000 token with interest rate being 10%, the borrower is expected to pay 200 interest after 2 years.

However, if the loan is given to another pool after 1 year, the new debt is 1100 (1000 debt + 100 interest), and starts from the 2nd year, the interest will be calculated based on the new debt, so the interest accrued in the 2nd year is 110.

The total interest is 210, borrower has to pay 10 more interest.

Impact

Borrower has to pay more tokens to repay the debt.

Tools Used

Manual Review

Recommendations

The interest should not be accounted for calculating the interest. When a loan is bought, refinanced or given to another pool, the accrued interest so far should be recored as a fixed debt without accruing interest.

// mapping of loanId to fixed debts

+ mapping(uint256 => uint256) public fixedDebts;

function giveLoan(

uint256[] calldata loanIds,

bytes32[] calldata poolIds

) external {

for (uint256 i = 0; i < loanIds.length; i++) {

uint256 loanId = loanIds[i];

…

// calculate the interest

(

uint256 lenderInterest,

uint256 protocolInterest

) = _calculateInterest(loan);

+ fixedDebts[loanId] += (lenderInterest + protocolInterest);

…

// update the loan with the new info

loans[loanId].lender = pool.lender;

loans[loanId].interestRate = pool.interestRate;

loans[loanId].startTimestamp = block.timestamp;

loans[loanId].auctionStartTimestamp = type(uint256).max;

- loans[loanId].debt = totalDebt;

…

}

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!