20,000 USDC
Submission Details
Severity: medium

Able to `giveLoan` to another user if the collateral on our loan loses value fast

Summary

Because the protocol is oracleless and has no check that automatically liquidates a loan when the price of the collateral token suddenly drops exponentially, we are able to `giveLoan` to another pool that matches the parameters of our pool. If the victim is also not aware of the drop in collateral value, he will be assigned a loan which is unfavourable for him.

Vulnerability Details

The function giveLoan allows us to give a loan to another pool, if some parameters of both pools match, namely:

```solidity
// validate the new loan
if (pool.loanToken != loan.loanToken) revert TokenMismatch();
if (pool.collateralToken != loan.collateralToken)
    revert TokenMismatch();
// new interest rate cannot be higher than old interest rate
if (pool.interestRate > loan.interestRate) revert RateTooHigh();
// auction length cannot be shorter than old auction length
if (pool.auctionLength < loan.auctionLength) revert AuctionTooShort();
```

As long as the loanToken matches, the collateralToken matches, the new interestRate is not higher than the old one, and the auctionLength is not shorter than the old one, we can give our loan to an unsuspecting pool.

Impact

A lender can, either intentionally or unintentionally, assign a loan with unfavourable conditions to a victim.

Tools Used

Manual review

Recommendations

In this case we could use a 2-step procedure where the new pool owner has to accept the loan? That seems like a reasonable way to combat this.
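
The two-step hand-off suggested above, modelled in a simplified contract (an added example, not the audited protocol's code). The names `offerLoan`, `acceptLoan`, `pendingOffer`, the shared `Terms` struct and the seeding helpers are assumptions; token transfers and pool balance accounting are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Simplified model for illustration. Only the four checks in _validate come from
// the finding; every other name here is hypothetical.
contract TwoStepGiveLoan {
    struct Terms { address lender; address loanToken; address collateralToken; uint256 interestRate; uint256 auctionLength; }
    error TokenMismatch(); error RateTooHigh(); error AuctionTooShort();
    error Unauthorized(); error NoPendingOffer();

    mapping(bytes32 => Terms) public pools;
    mapping(uint256 => Terms) public loans;
    mapping(uint256 => bytes32) public pendingOffer; // loanId => poolId it was offered to

    // Demo-only seeding helpers (constructed for this example, no access control).
    function setPool(bytes32 poolId, Terms calldata t) external { pools[poolId] = t; pools[poolId].lender = msg.sender; }
    function setLoan(uint256 loanId, Terms calldata t) external { loans[loanId] = t; }

    // Step 1: the current lender proposes the hand-off. The loan does not move yet.
    function offerLoan(uint256 loanId, bytes32 poolId) external {
        if (loans[loanId].lender != msg.sender) revert Unauthorized();
        _validate(pools[poolId], loans[loanId]);
        pendingOffer[loanId] = poolId;
    }

    // Step 2: only the receiving pool's lender can take the loan on.
    function acceptLoan(uint256 loanId) external {
        bytes32 poolId = pendingOffer[loanId];
        if (poolId == bytes32(0)) revert NoPendingOffer();
        Terms storage pool = pools[poolId];
        if (pool.lender != msg.sender) revert Unauthorized();
        Terms storage loan = loans[loanId];
        _validate(pool, loan); // re-check: pool terms may have changed since the offer
        delete pendingOffer[loanId];
        loan.lender = pool.lender;
        loan.interestRate = pool.interestRate;
        loan.auctionLength = pool.auctionLength;
    }

    // The same four checks giveLoan performs today.
    function _validate(Terms storage pool, Terms storage loan) internal view {
        if (pool.loanToken != loan.loanToken) revert TokenMismatch();
        if (pool.collateralToken != loan.collateralToken) revert TokenMismatch();
        if (pool.interestRate > loan.interestRate) revert RateTooHigh();
        if (pool.auctionLength < loan.auctionLength) revert AuctionTooShort();
    }
}
```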
