The Lender contract has a vulnerability in the borrow function, allowing malicious lenders to front-run borrowers by overriding attractive configurations with unfavorable ones. This lack of verification exposes borrowers to the risk of dealing with lending pools that have appealing initial settings but can be manipulated to exploit borrowers later.
In the Lender.borrow function, there is no verification of the borrow data against the lender's key pool configuration values, such as auctionLength and interestRate. This opens up the possibility for malicious lenders to create enticing lending pools with attractive configurations, such as low interest rates. Once a borrower takes the bait and submits a borrow, the malicious lender can front-run that transaction to set extremely unfavorable settings, such as the maximum interest rate and the minimum auction length. Since there are no safeguards on the borrow data, borrowers can be trapped in bad deals.
This vulnerability leads to frontrunning scenarios that can cause significant losses to borrowers:
Malicious lenders can exploit this vulnerability to initiate auctions prematurely and seize collateral from borrowers after only 1 second (auctionLength = 1). As a result, borrowers may suffer substantial financial losses, as they could lose their collateral due to the quick execution of the malicious auction.
Malicious lenders could also exploit this vulnerability to trick borrowers into accepting loans with artificially low interest rates. However, once the pending borrow is observed in the mempool, the loan's interest rate can be raised to the very high value of MAX_INTEREST_RATE (1000%), causing financial losses if the borrower is unaware of the situation and responds too late.
Manual Review
The borrow data should include an expected auctionLength and interestRate property to guard against front-running attacks. This would enable borrowers to verify the interest rate before finalizing the loan, helping them avoid accepting loans with unfavorable terms.
Enforce a minimum auctionLength when creating lending pools to prevent the creation of pools with extremely short auction durations. This would help mitigate the impact of potential front-running attacks.
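The two recommendations combined in a minimal contract, as an added illustration that is not the audited project's code. The contract name, the Pool and Borrow struct layouts, setPool, MIN_AUCTION_LENGTH and the error names are assumptions; the borrower-supplied values are applied as bounds (maximum rate, minimum auction length) rather than exact matches, so a lender who improves terms does not cause a revert.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added example, not the audited Lender contract. All names are assumed.
contract LenderExample {
    uint256 public constant MIN_AUCTION_LENGTH = 6 hours; // assumed floor

    struct Pool {
        address lender;
        uint256 interestRate;  // basis points
        uint256 auctionLength; // seconds
    }

    struct Borrow {
        bytes32 poolId;
        uint256 debt;
        uint256 collateral;
        uint256 maxInterestRate;  // highest rate the borrower accepts
        uint256 minAuctionLength; // shortest auction the borrower accepts
    }

    mapping(bytes32 => Pool) public pools;

    error AuctionBelowMinimum(uint256 requested, uint256 minimum);
    error RateTooHigh(uint256 actual, uint256 maxAccepted);
    error AuctionTooShort(uint256 actual, uint256 minAccepted);

    // Mitigation 2: a pool can never be configured with a near-instant auction,
    // so a front-run update cannot make collateral seizable after 1 second.
    function setPool(bytes32 poolId, uint256 interestRate, uint256 auctionLength) external {
        if (auctionLength < MIN_AUCTION_LENGTH) {
            revert AuctionBelowMinimum(auctionLength, MIN_AUCTION_LENGTH);
        }
        pools[poolId] = Pool(msg.sender, interestRate, auctionLength);
    }

    // Mitigation 1: the borrower states the terms it read off-chain; if the
    // lender changed them before this call was mined, the call reverts instead
    // of silently locking the borrower into the new terms.
    function borrow(Borrow calldata b) external {
        Pool storage p = pools[b.poolId];
        if (p.interestRate > b.maxInterestRate) {
            revert RateTooHigh(p.interestRate, b.maxInterestRate);
        }
        if (p.auctionLength < b.minAuctionLength) {
            revert AuctionTooShort(p.auctionLength, b.minAuctionLength);
        }
        // loan bookkeeping and token transfers would follow here
    }
}
```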