DeFi Hardhat Oracle Proxy Updates
100,000 USDC
Submission Details
Severity: medium
Invalid

Race condition in `TokenFacet`

Summary

The `permitToken` function in `TokenFacet` is exposed to the race condition issues associated with permit systems. Although `TokenFacet` is out of scope for this audit, the permit function allows users to create approvals prior to execution, which inherently introduces the risk of race conditions, and these token approvals can be used in Beanstalk instances that are in scope. The implementation of the permit function does not include explicit safeguards against race conditions, leaving room for potential vulnerabilities.

Impact

Race Conditions: The permit function's design exposes it to race conditions, where multiple transactions may attempt to modify allowances concurrently, leading to inconsistencies or unexpected behavior. This could potentially allow attackers to exploit the system by manipulating allowances or gaining unauthorized access.

PoC

  1. The LibTokenPermit permit function is called by the TokenFacet permitToken function.

  2. After the permit function call, the permitToken function invokes the approve function from LibTokenApprove.

  3. The approve function updates the approval for the specified spender and token to the provided amount. It updates the state variable s.a[account].tokenAllowances[spender][token] with the new allowance amount.

The approve function updates the allowance for the specified spender and token to the provided amount. Therefore, it will overwrite any previous approval for that spender and token with the new amount.

There is a potential for a race condition if multiple transactions are attempting to update the allowance for the same spender and token simultaneously. If two transactions read the allowance, modify it, and then attempt to write it back without awareness of each other, it could result in inconsistencies or unexpected behavior.

Recommendation

Permit systems in general have race conditions, given that the signature is created prior to execution. It is therefore generally up to the implementor to implement the permit function properly so that a race condition doesn't occur. For this reason, provide clear documentation and guidance to users regarding the risks associated with creating approvals and using the permit function.
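
The overwrite behaviour described in the PoC, as an added model that is not part of the submission and is not Beanstalk code: transactions are applied one at a time, so the outcome depends on whether a spender's pull lands before or after the owner's allowance update. `Ledger`, `replay`, `totals` and all amounts are constructed for illustration; the model compares an overwriting `approve` with a relative decrease and a compare-and-set update.

```python
class Revert(Exception):
    """A reverted transaction: no state change."""

class Ledger:  # added model: one allowance slot, like tokenAllowances[spender][token]
    def __init__(self, allowance):
        self.allowance = allowance
        self.spent = 0  # total pulled by the spender

    def approve(self, amount):  # overwrite semantics, as the PoC describes
        self.allowance = amount

    def decrease(self, delta):  # relative update: cannot re-grant spent allowance
        if delta > self.allowance:
            raise Revert("decrease below zero")
        self.allowance -= delta

    def approve_if(self, expected, amount):  # compare-and-set on the value the owner saw
        if self.allowance != expected:
            raise Revert("allowance changed")
        self.allowance = amount

    def transfer_from(self, amount):
        if amount > self.allowance:
            raise Revert("insufficient allowance")
        self.allowance -= amount
        self.spent += amount

# Constructed scenario: allowance is 100 and the owner wants to lower it to 50.
UPDATES = {
    "overwrite": lambda led: led.approve(50),
    "decrease": lambda led: led.decrease(50),
    "compare_and_set": lambda led: led.approve_if(100, 50),
}

def replay(update, pulls_before, pulls_after):
    """Apply transactions one at a time in the given order; return total pulled."""
    ledger = Ledger(allowance=100)
    steps = [lambda a=a: ledger.transfer_from(a) for a in pulls_before]
    steps.append(lambda: update(ledger))
    steps += [lambda a=a: ledger.transfer_from(a) for a in pulls_after]
    for step in steps:
        try:
            step()
        except Revert:
            pass  # reverted transaction leaves the ledger unchanged
    return ledger.spent

def totals(pulls_before, pulls_after):
    return {name: replay(u, pulls_before, pulls_after) for name, u in UPDATES.items()}
```

When the update lands first, all three variants cap the spender at 50; only the overwriting variant lets the total exceed the original 100 when a pull is ordered ahead of the update.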

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
0xtheblackpanther Submitter
over 1 year ago
giovannidisiena Lead Judge
over 1 year ago
giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
