DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Invalid

Benign reentrancy vulnerabilities

Summary

Possible benign reentrancy vulnerabilities: state variables are written after an external call, but exploiting the reentrancy would have the same effect as two consecutive calls.

Vulnerability Details

File: contracts/beanstalk/sun/SeasonFacet/Sun.sol
/// @audit ******************* Issue Detail *******************
Reentrancy (benign) in Sun.rewardBeans(uint256) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#83-104):
External calls:
- C.bean().mint(address(this),newSupply) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#86)
State variables written after the call(s):
- newFertilized = rewardToFertilizer(newSupply) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#90)
- s.bpf = uint128(firstEndBpf) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#132)
- s.fertilizedIndex = s.fertilizedIndex.add(newFertilized) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#133)
- s.bpf = uint128(newTotalBpf) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#146)
- s.fertilizedIndex = s.fertilizedIndex.add(newFertilized) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#148)
- newHarvestable = rewardToHarvestable(newSupply) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#96)
- s.f.harvestable = s.f.harvestable.add(newHarvestable) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#164)
- rewardToSilo(newSupply) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#101)
- s.earnedBeans = s.earnedBeans.add(amount.toUint128()) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#178)
- s.s.stalk = s.s.stalk.add(amount.mul(C.STALK_PER_BEAN)) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#186)
- s.siloBalances[C.BEAN].deposited = s.siloBalances[C.BEAN].deposited.add(amount.toUint128()) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#192-195)
- s.siloBalances[C.BEAN].depositedBdv = s.siloBalances[C.BEAN].depositedBdv.add(uint128(amount)) (contracts/beanstalk/sun/SeasonFacet/Sun.sol#198-201)
/// @audit ************** Possible Issue Line(s) **************
L#86, L#90, L#132, L#133, L#146, L#148, L#96, L#164, L#101, L#178, L#186, L#192-195, L#198-201,
/// @audit ****************** Affected Code *******************
83: function rewardBeans(uint256 newSupply) internal returns (uint256 newHarvestable) {
84:     uint256 newFertilized;
85:
86:     C.bean().mint(address(this), newSupply);
87:
88:     // Distribute first to Fertilizer if some Fertilizer are active
89:     if (s.season.fertilizing) {
90:         newFertilized = rewardToFertilizer(newSupply);
91:         newSupply = newSupply.sub(newFertilized);
92:     }
93:
94:     // Distribute next to the Field if some Pods are still outstanding
95:     if (s.f.harvestable < s.f.pods) {
96:         newHarvestable = rewardToHarvestable(newSupply);
97:         newSupply = newSupply.sub(newHarvestable);
98:     }
99:
100:     // Distribute remainder to the Silo
101:     rewardToSilo(newSupply);
102:
103:     emit Reward(s.season.current, newHarvestable, newSupply, newFertilized);
104: }
132:     s.bpf = uint128(firstEndBpf); // SafeCast unnecessary here.
133:     s.fertilizedIndex = s.fertilizedIndex.add(newFertilized);
146:     s.bpf = uint128(newTotalBpf); // SafeCast unnecessary here.
148:     s.fertilizedIndex = s.fertilizedIndex.add(newFertilized);
164:     s.f.harvestable = s.f.harvestable.add(newHarvestable);
178:     s.earnedBeans = s.earnedBeans.add(amount.toUint128());
186:     s.s.stalk = s.s.stalk.add(amount.mul(C.STALK_PER_BEAN));
192:     s.siloBalances[C.BEAN].deposited = s
193:         .siloBalances[C.BEAN]
194:         .deposited
195:         .add(amount.toUint128());
198:     s.siloBalances[C.BEAN].depositedBdv = s
199:         .siloBalances[C.BEAN]
200:         .depositedBdv
201:         .add(uint128(amount));

GitHub: contracts/beanstalk/sun/SeasonFacet/Sun.sol#83-104

Impact

If the external call re-enters rewardBeans, the body runs twice for a single season call, which may leave the contract's reward accounting in a wrong state.

Tools Used

Manual Review

Recommendations

Code should follow the checks-effects-interactions best practice, where state variables are updated before any external calls are made. Doing so prevents a large class of reentrancy bugs.
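To make the recommendation concrete, here is an added Solidity illustration that is not Beanstalk's code: the contract, the IMintable interface and the storage variables are hypothetical stand-ins for C.bean(), s.f.harvestable, s.f.pods and s.earnedBeans. It shows the same function shape with the mint before the state writes, which is the ordering Slither flags, beside a version with every write moved ahead of the mint and a reentrancy guard added.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal mintable-token interface standing in for C.bean().
interface IMintable {
    function mint(address to, uint256 amount) external;
}

// Hypothetical contract; variable names mirror the Sun.sol storage they stand in for.
contract RewardDistributor {
    IMintable public immutable bean;
    uint256 public pods;          // outstanding Pods (stand-in for s.f.pods)
    uint256 public harvestable;   // stand-in for s.f.harvestable
    uint256 public earnedBeans;   // stand-in for s.earnedBeans
    bool private locked;

    event Reward(uint256 toField, uint256 toSilo);

    constructor(IMintable _bean) {
        bean = _bean;
    }

    // Simple mutex; a second entry while `locked` is set reverts.
    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // Interaction before effects: the external mint runs first and the
    // accounting is written afterwards. This is the ordering Slither reports
    // as reentrancy-benign: a callback from the token would execute this body
    // a second time, with the same result as two sequential calls, so one
    // intended reward would be booked twice.
    function rewardBeansBefore(uint256 newSupply) internal {
        bean.mint(address(this), newSupply);              // interaction first
        uint256 toField = _rewardToField(newSupply);      // effects after the call
        earnedBeans += newSupply - toField;
        emit Reward(toField, newSupply - toField);
    }

    // Checks-effects-interactions: every storage write precedes the external
    // call, so anything that re-enters sees fully updated state. The guard is
    // an additional safety net for re-entry through other entry points.
    function rewardBeansAfter(uint256 newSupply) internal nonReentrant {
        uint256 toField = _rewardToField(newSupply);      // effects first
        earnedBeans += newSupply - toField;
        bean.mint(address(this), newSupply);              // interaction last
        emit Reward(toField, newSupply - toField);        // events are not state
    }

    // Pays the Field up to the outstanding Pods and records it; mirrors the
    // `harvestable < pods` branch in the audited function.
    function _rewardToField(uint256 newSupply) private returns (uint256 toField) {
        if (harvestable >= pods) {
            return 0;
        }
        uint256 outstanding = pods - harvestable;
        toField = newSupply < outstanding ? newSupply : outstanding;
        harvestable += toField;
    }
}
```

The writes after the mint in the flagged code do not depend on anything the mint returns, which is why Slither classifies the finding as benign rather than as a reentrancy that can corrupt state in a way a double call could not. Reordering is possible here because the distribution amounts are computed from newSupply, which is known before the mint. Also worth weighing when triaging: the callee is the protocol's own Bean token contract referenced through the C.bean() constant, so a callback can only originate from that contract, which narrows the practical reach of the finding.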

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational/Invalid
