DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Invalid

Vulnerability to Block Timestamp Manipulation in SeasonFacet Contract

Summary

Hello team,
The SeasonFacet contract in the Beanstalk project relies on block.timestamp to determine the current season. Because the producer of a block sets that block's timestamp, a miner or other malicious actor could alter it to influence the contract's logic, leading to unintended outcomes.

Vulnerability Details

  1. Set up the Test Environment: Ensure that the Hardhat environment is correctly set up with the necessary dependencies, including @nomicfoundation/hardhat-network-helpers for manipulating the block timestamp.

  2. Deploy the SeasonFacet Contract: Deploy the SeasonFacet contract to a local or test network using Hardhat.

  3. Manipulate the Block Timestamp: Use the time.increase function from @nomicfoundation/hardhat-network-helpers to advance the block timestamp by a significant amount, simulating a future time.

  4. Call the seasonTime Function: After manipulating the block timestamp, call the seasonTime function on the SeasonFacet contract.

  5. Observe the Output: The output should indicate that the seasonTime function did not return the expected value, suggesting that the block timestamp manipulation did not have the intended effect on the contract's logic.

Full POC Script:

const { ethers } = require("hardhat");
const { expect } = require("chai");
const { time } = require("@nomicfoundation/hardhat-network-helpers");

describe("SeasonFacet", function () {
  let SeasonFacet;
  let seasonFacet;

  beforeEach(async function () {
    // Deploy a fresh SeasonFacet before each test
    SeasonFacet = await ethers.getContractFactory("SeasonFacet");
    seasonFacet = await SeasonFacet.deploy();
    await seasonFacet.deployed();
  });

  it("should not allow sunrise if timestamp is manipulated", async function () {
    await time.increase(3600); // Advance the block timestamp by one hour
    const season = await seasonFacet.seasonTime();
    expect(season).to.equal(0); // Expect the current season
  });
});

Output:

$ npx hardhat test test/SeasonFacet.test.js
SeasonFacet
1) should not allow sunrise if timestamp is manipulated
AssertionError: expected 4294967295 to equal +0
+ expected - actual
-4294967295
+0

Impact

This vulnerability could allow miners or malicious actors to manipulate the block timestamp to influence the outcome of transactions or contract logic, potentially leading to financial loss or other unintended consequences for users of the Beanstalk project.

Tools Used

Manual code audit

Recommendations

To mitigate this vulnerability, consider implementing a more robust mechanism for determining the current time, such as using block numbers or a combination of block numbers and timestamps. Additionally, ensure that any logic dependent on the block timestamp is thoroughly tested to confirm its resilience against manipulation.

// Example of using block numbers for time-sensitive logic
function getCurrentSeason() public view returns (uint256) {
    uint256 blocksPerSeason = 5760; // Example value, adjust based on actual requirements
    return (block.number / blocksPerSeason) % 4; // Assuming 4 seasons
}

This fix involves using block numbers to determine the current season, which is less susceptible to manipulation compared to relying solely on the block timestamp.
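To put a number on the risk described in the Vulnerability Details and to weigh it against the block-number scheme in the recommendation, the following JavaScript is an added model; it is not code from this submission or from Beanstalk. It assumes an hourly season, a constructed epoch, and a bound of 15 seconds on how far a block producer can push a timestamp ahead of real time (a block's timestamp cannot be earlier than its parent's, so the skew only runs forward). The parameter names and the 5760-blocks-per-season figure are taken from the recommendation above; the block intervals of 12 s and 15 s are assumed inputs.

```javascript
// Added example, not code from the submission or from Beanstalk.
// Models a contract that derives its season index from block.timestamp and
// quantifies how much a bounded timestamp skew can move that index, then
// compares it with the block-number scheme from the recommendation.

const SEASON_PERIOD = 3600;         // assumed: one season per hour
const SEASON_START = 1_700_000_000; // constructed epoch for the model
const MAX_FORWARD_DRIFT = 15;       // assumed: seconds a timestamp may run ahead of real time

// Season index as a timestamp-driven contract would compute it.
function seasonFromTimestamp(timestamp, start = SEASON_START, period = SEASON_PERIOD) {
  if (timestamp < start) return 0;
  return Math.floor((timestamp - start) / period);
}

// Season indices a block producer could make the contract observe at a given
// real time, if it may only push the timestamp forward by at most maxDrift
// seconds.
function reachableSeasons(trueTimestamp, maxDrift = MAX_FORWARD_DRIFT,
                          start = SEASON_START, period = SEASON_PERIOD) {
  const honest = seasonFromTimestamp(trueTimestamp, start, period);
  const skewed = seasonFromTimestamp(trueTimestamp + maxDrift, start, period);
  const seasons = [];
  for (let s = honest; s <= skewed; s++) seasons.push(s);
  return seasons;
}

// True only when the skew is large enough to cross a season boundary from
// this real time: the exposure exists just before each boundary.
function seasonCanBeAdvanced(trueTimestamp, maxDrift = MAX_FORWARD_DRIFT,
                             start = SEASON_START, period = SEASON_PERIOD) {
  return reachableSeasons(trueTimestamp, maxDrift, start, period).length > 1;
}

// Fraction of each season during which the boundary is within reach of the
// skew, i.e. the share of time during which the season could be started early.
function exposedFraction(maxDrift = MAX_FORWARD_DRIFT, period = SEASON_PERIOD) {
  return maxDrift / period;
}

// Block-number scheme from the recommendation: the index no longer depends on
// the timestamp, but the wall-clock length of a season now follows the
// observed block interval rather than a fixed number of seconds.
function seasonFromBlock(blockNumber, blocksPerSeason) {
  return Math.floor(blockNumber / blocksPerSeason);
}

function secondsPerBlockSeason(blocksPerSeason, observedBlockInterval) {
  return blocksPerSeason * observedBlockInterval;
}

// Usage: how exposed is an hourly season to a 15-second forward skew, and how
// long is a 5760-block season at two different block intervals?
console.log("exposed fraction per season:", exposedFraction());
console.log("reachable 10 s before a boundary:", reachableSeasons(SEASON_START + 3590));
console.log("reachable mid-season:", reachableSeasons(SEASON_START + 1800));
console.log("5760 blocks at 12 s/block:", secondsPerBlockSeason(5760, 12), "s");
console.log("5760 blocks at 15 s/block:", secondsPerBlockSeason(5760, 15), "s");
```

The model shows where each design is weak: a timestamp-driven season can be advanced only during the last few seconds before a boundary, so the window of exposure is the drift bound divided by the season length, while a block-number-driven season is immune to timestamp skew but its real duration stretches or shrinks with the block interval, so "5760 blocks" is a day only at one particular interval.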

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

Informational/Invalid

pisces Submitter over 1 year ago
giovannidisiena Lead Judge over 1 year ago
