Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Locked Ether Vulnerability in MigrationFacet.sol

heim

Summary

The MigrationFacet.sol contract has been identified with a potential vulnerability related to locked Ether. The contract contains a payable function (mowAndMigrate) without a corresponding withdrawal mechanism, leading to a risk of permanently locking any Ether sent to the contract.

Vulnerability Details

The vulnerable contract's mowAndMigrate function is designed to handle migrations of deposits but lacks a proper withdrawal mechanism for any Ether sent to it. This violates best practices for secure contract design.

Impact

The impact of this vulnerability is the permanent loss of Ether sent to the contract through the mowAndMigrate function. Users sending Ether to this function risk having their funds irreversibly locked within the contract.

Tools Used

Manual review and slither.

Recommendations

To address this issue, it is recommended to implement a withdrawal mechanism within the MigrationFacet.sol contract, allowing users to retrieve any Ether sent to the contract.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

Stuck funds

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.