Beedle - Oracle free perpetual lending

Summary

The refinance function in the Lender contract shares similarities with the previously reported vulnerability in the Lender.borrow function, making it susceptible to a front-run attack. Malicious lenders can exploit this vulnerability to deceive borrowers into executing refinancing transactions with unfavorable terms.

Vulnerability Details

In the Lender.refinance function, there is no verification of the refinance data against the target lender's pool configurations, such as auctionLength and interestRate. This enables malicious lenders to create honey-pot pools and manipulate the settings to their advantage. By executing a frontrun transaction, malicious lenders can set extremely unfavorable parameters, such as a maximum interest rate and minimum auction time. Without safeguards in place for the refinance data, borrowers can unintentionally end up refinancing with undesirable terms.

Impact

This vulnerability leads to frontrunning scenarios that can cause significant losses to borrowers who decide to refinance to a bad pool:

Set the auction length to 1 second

Malicious lenders can exploit this vulnerability to initiate auctions prematurely and seize collateral from borrowers after only 1 second (auctionLength = 1). As a result, borrowers may suffer substantial financial losses, as they could lose their collateral due to the quick execution of the malicious auction.

Set the interest rate to the maximum value

Malicious lenders could also exploit this vulnerability to trick borrowers into accepting loans with artificially low interest rates. However, after the refinance transaction is sniffed on-chain, the loan's interest rate can be manipulated to a very high value of MAX_INTEREST_RATE (1000%), causing financial losses if the borrower is unaware of the situation and responds too late.

Tools Used

Manual Review

Recommendations

1. The refinance data should include an expected auctionLength and interestRate property to guard against front-running attacks. This would enable borrowers to verify the interest rate before finalizing the loan refinancing, helping them avoid accepting loans with unfavorable terms.

2. Enforce a minimum auctionLength when creating lending pools to prevent the creation of pools with extremely short auction durations. This would help mitigate the impact of potential front-running attacks.