DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Submission Details
Severity: high
Invalid

Reentrancy Vulnerability in BeanstalkERC20.sol

Summary

High-severity reentrancy vulnerability in the gm function of the SeasonFacet contract. The vulnerability arises from external calls made within the function, specifically to calcCaseIdandUpdate, followed by state variable modifications in stepSun. This sequence of operations could potentially allow for reentrancy attacks.

Vulnerability Details

The vulnerability involves external calls within the gm function, where calculations and state modifications occur. External calls to calcCaseIdandUpdate are followed by modifications to state variables in stepSun. This pattern could enable reentrancy attacks if the called contracts re-enter the SeasonFacet contract before state modifications are completed.

Code snippet:(contracts/beanstalk/sun/SeasonFacet/SeasonFacet.sol#44-57)

function gm(address account, LibTransfer.To mode) public payable returns (uint256) {
uint256 initialGasLeft = gasleft();
require(!s.paused, "Season: Paused.");
require(seasonTime() > s.season.current, "Season: Still current Season.");
uint32 season = stepSeason();
int256 deltaB = stepOracle();
uint256 caseId = calcCaseIdandUpdate(deltaB);
LibGerminate.endTotalGermination(season, LibWhitelistedTokens.getWhitelistedTokens());
LibGauge.stepGauge();
stepSun(deltaB, caseId);
return incentivize(account, initialGasLeft, mode);
}

Exploit Scenario
An attacker could exploit this vulnerability by triggering a reentrancy attack through a fallback function in a malicious contract. If the external calls within gm trigger the attacker's fallback function, they could potentially re-enter the SeasonFacet contract before state modifications are completed, leading to unexpected behavior.

Impact

The impact of this vulnerability is assessed as high. Successful exploitation could enable reentrancy attacks, allowing an attacker to manipulate the contract's state and exploit unintended behaviors.

Tools Used

Manual review and slither.

Recommendations

Apply Check-Effects-Interactions Pattern: Ensure that state modifications are performed before any external calls to prevent reentrancy attacks. Review the sequence of operations in the gm function to ensure that state modifications occur before any external calls.

Use ReentrancyGuard: Consider implementing the ReentrancyGuard pattern in the gm function and other relevant functions to prevent reentrancy attacks. This pattern can help mitigate the risk of reentrancy vulnerabilities by ensuring that functions are not re-entered recursively.

Updates

Lead Judging Commences

hans Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.