Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`C.bean().transfer` is not checking the return value, transaction may fails silently

0xtheblackpanther

Summary

The LibWellConvert.sol uses the transfer function to transfer the specified amount of Beans to the well address, which represents the liquidity pool. However, it fails to handle the boolean return value from these external calls, creating a potential risk of silent transaction failures.

There is no return value checked after the transfer, which could potentially lead to issues if the transfer fails or the expected amount of Beans is not transferred. It's important to handle potential failure scenarios appropriately, such as reverting the transaction or implementing error handling logic.

Impact:

Failure to handle the return value could result in silent transaction failures. If the transfer operation fails for any reason, such as insufficient funds or other unforeseen issues, the contract will not be aware of the failure, potentially leading to unexpected behavior and user confusion.

Recommendation:

Implement proper error handling logic after the transfer function calls to check for the boolean return value and handle potential failure scenarios accordingly. This may include reverting the transaction if the transfer fails or emitting an event to notify users about the failure.

For example:

/**

* @dev Adds as Beans Liquidity with the constraint that delta B >= 0.

function _wellAddLiquidityTowardsPeg(uint256 beans, uint256 minLP, address well)

internal

returns (uint256 lp, uint256 beansConverted)

{

(uint256 maxBeans,) = _beansToPeg(well);

require(maxBeans > 0, "Convert: P must be >= 1.");

beansConverted = beans > maxBeans ? maxBeans : beans;

// Transfer Beans to well address

+ bool success = C.bean().transfer(well, beansConverted);

+ require(success, "Convert: Bean transfer to well failed"); // Revert if transfer fails

lp = IWell(well).sync(address(this), minLP);

}

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Bean transfer return

0xtheblackpanther Submitter

over 1 year ago

giovannidisiena Lead Judge

over 1 year ago

0xtheblackpanther Submitter

over 1 year ago

giovannidisiena Lead Judge

over 1 year ago

0xtheblackpanther Submitter

over 1 year ago

giovannidisiena Lead Judge

over 1 year ago

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Bean transfer return

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.