Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Native ETH sent to `UnripeFacet.sol` will be stucked

erictee

Summary

In UnripeFacet.sol, multiple functions contain payable keyword which indicates that native ethers can be sent along the call. Those functions are:

UnripeFacet.sol::chop
UnripeFacet.sol::pick
UnripeFacet.sol::addUnripeToken
UnripeFacet.sol::addMigratedUnderlying
UnripeFacet.sol::switchUnderlyingToken

Vulnerability Details

However, these functions doesn't expect to handle ethers and protocol users accidentally send native ethers to these functions, their ethers will be stucked in the contract forever.

Impact

Native ethers send along with these functions will be lost forever.

Tools Used

Manual Analysis

Recommendations

Remove payable keyword if native ether is not expected for the mentioned functions or add checks require(msg.value == 0, "native ethers doesn't accept here."); .

Updates

Lead Judging Commences

floopthepig Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

Stuck funds

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.