Beanstalk uses a Chainlink oracle to get the ETH/USD price, which is read from a specific feed address. That feed address is hard-coded and assigned to a constant variable for use in later functions.
See the following code:
Hard-coding price feed addresses can introduce several issues and risks to the system. Firstly, it poses a problem if the hardcoded address becomes deprecated or if it's not accurate. This can lead to incorrect pricing information being used within the system, potentially causing financial losses or inaccurate calculations. Additionally, hard-coded addresses can hinder the flexibility and upgradability of the system, as any changes to the price feed contract would require modifying and redeploying the smart contract code. Overall, reliance on hard-coded addresses for price feeds can undermine the reliability and adaptability of the system.
Manual Review
To enhance the resilience and flexibility of the system, it's recommended to avoid hard-coding price feed addresses. Instead, implement mechanisms for dynamically fetching or updating price feed addresses. This can involve utilizing external configuration parameters, integrating with decentralized oracle solutions, and regularly reviewing and verifying the correctness of price feed addresses. By adopting these practices, the system can maintain accurate pricing information while remaining adaptable to changes in the underlying infrastructure.
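One way to make the feed address updatable, shown as an added example and not Beanstalk's own code. The contract name, the single-owner access model and the `MAX_AGE` staleness bound are assumptions; a real deployment would gate the setter behind its governance process.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Minimal subset of Chainlink's AggregatorV3Interface used here.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt,
        uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical contract: names, owner model and MAX_AGE are assumptions.
contract ConfigurableEthUsdFeed {
    uint256 public constant MAX_AGE = 4 hours; // assumed staleness bound
    address public owner;
    AggregatorV3Interface public ethUsdFeed;
    event FeedUpdated(address indexed oldFeed, address indexed newFeed);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address initialFeed) {
        owner = msg.sender;
        _setFeed(initialFeed);
    }

    // Replace a deprecated feed without redeploying the contract.
    function setEthUsdFeed(address newFeed) external onlyOwner {
        _setFeed(newFeed);
    }

    // Reject addresses with no code or that do not answer like a live feed.
    function _setFeed(address newFeed) internal {
        require(newFeed.code.length > 0, "feed is not a contract");
        AggregatorV3Interface feed = AggregatorV3Interface(newFeed);
        _readFresh(feed);
        emit FeedUpdated(address(ethUsdFeed), newFeed);
        ethUsdFeed = feed;
    }

    function getEthUsdPrice() external view returns (uint256 price, uint8 feedDecimals) {
        return (_readFresh(ethUsdFeed), ethUsdFeed.decimals());
    }

    // Revert on a non-positive answer or one older than MAX_AGE.
    function _readFresh(AggregatorV3Interface feed) internal view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "invalid price");
        require(block.timestamp - updatedAt <= MAX_AGE, "stale price");
        return uint256(answer);
    }
}
```

The setter validates the candidate feed before storing it, so a mistyped or retired address is rejected at update time, and the `FeedUpdated` event gives monitoring a record of every change.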