Beedle - Oracle free perpetual lending
BeedleFi
DeFi
Foundry
20,000
USDC
Public
Jul 24th, 2023 → Aug 7th, 2023
2114 / 2114
Submissions
Severity
Validity
Tags
Author
#1
Check-Effect-Interaction is not enforced
Low
-
nax
#2
Single-step ownership transfer pattern is dangerous
Medium
-
Manav Goyal
#3
No slippage check in `sellProfits`, it could be exploited by a MEV bot
High
-
Pyro
#4
`refinance` reduces the pool's balance by the debt twice
High
-
Pyro
#5
Unchecked transfer/transferFrom may lead to silent returns
Medium
-
Pyro
#6
Lack of specific time input can result in MEVs exploiting `sellProfits`
Medium
-
Pyro
#7
MEV can sandwich every harvest due to missing slippage tolerance value
High
-
Manav Goyal
#8
Gas stipend for external call might be insufficient and lead to stuck ETH
Medium
-
Manav Goyal
#9
`<x> += <y>` costs more gas than `<x> = <x> + <y>` for state variables
Gas
-
0xNiloy
#10
<array>.length should not be looked up in every loop of a for-loop
Gas
-
0xNiloy
#11
`<array>.length` Should Not Be Looked Up In Every Loop Of A For-loop
Gas
-
0xNiloy
#12
`++i/i++` should be `unchecked{++i}/unchecked{i++}` when it is not possible for them to overflow, as is the case when used in for- and while-loops
Gas
-
0xNiloy
#13
Using `private` rather than `public` for constants, saves gas
Gas
-
0xNiloy
#14
Solidity version `0.8.20` may not work on other chains due to `PUSH0`
Medium
-
0xNiloy
#15
Possible rounding issue
Low
-
0xNiloy
#16
Prevent division by 0
Low
-
0xNiloy
#17
The `owner` is a single point of failure and a centralization risk
Medium
-
0xNiloy
#18
Unsafe use of `transfer()`/`transferFrom()` with `IERC20`
Medium
-
0xNiloy
#19
Unchecked ERC20 transfers can lead to funds draining/freezing
High
-
Sonny Luu
#20
Fee on transfer or deflationary erc20 tokens not taken into account while calculating poolBalance which can lead to loss of funds.
High
-
Suzombie
#21
Unauthorized Fund Claim in Staking Contract
Medium
-
0x4ka5h
#22
Return values of `transfer()`/`transferFrom()` not checked
Medium
-
0xNiloy
#23
Profits can get stuck in Fees contract -- in case there's no 0.3% pool
Medium
-
n1punp
#24
`sellProfits` is prone to MEV sandwich attack
High
-
n1punp
#25
A slippage of 0 allows anyone to steal the fee contract funds
High
-
kutu
#26
transferFrom function can fail silently leading to wrong pool.poolBalance. An attacker can become lender and remove or borrow the tokens without sending any funds to the contract for lending.
High
-
Suzombie
#27
Staking deposit function calls transferFrom first and then updateFor, causing partial rewards to get stuck in the contract forever
High
-
kutu
#28
Frontrun can get the full reward, no staking time required
Medium
-
kutu
#29
Staking contracts should assert TKN != WETH
Low
-
kutu
#30
Single-step Ownership Transfer Can be Dangerous
Medium
-
polaristow