Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

Submission Details

Severity: medium

Valid

Reentrancy in the refinance() function for ERC777 tokens can be exploited to drain contract

The refinance() function for ERC777 tokens(extension of ERC20) is vulnerable to reentrancy, which can be exploited to drain the contract.

Eve creates a pool by calling the setPool() function and set collateralToken as an ERC777 token.
Eve borrows 1 loan token from her pool.
Eve borrows 1 additional wei loan token from her pool and deposite a large amount of collateralToken tokens as collateral., increasing the outstandingLoans to 1e18 + 1.
Eve first calls the refinance() function for the second borrowing, setting refinances[i].debt and refinances[i].collateral to ZERO. Lender.sol then transfers collateralToken tokens to her contract. After that, she reenters the refinance() function to drain all of the collateralToken tokens.

Loss of user funds.

None

Do not allow reentrancy in this function.

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

The contest is live. Earn rewards by submitting a finding.

Submissions are being carefully reviewed by our judges.

This is your time to appeal against judgements on your submissions.

Appeals are being carefully reviewed by our judges.

The contest is complete and the rewards are being distributed.

Support

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.