DeFi, Hardhat, Oracle, Proxy, Updates
100,000 USDC
Submission Details
Severity: low
Invalid

Functions are payable but any ether sent will be lost

Vulnerability Details

Several functions of the Facets (Silo, Season, etc.) that should not receive ether are marked as payable so that they can be used through the Pipeline module, where multicalls can be made.

Because those functions are payable, any ether sent to these contracts is lost: almost none of these contracts require ether to function as expected, and they provide no recovery mechanism either.

For instance, in SeasonFacet:

    function sunrise() external payable returns (uint256) {
        return gm(msg.sender, LibTransfer.To.EXTERNAL);
    }

The caller is rewarded in beans for calling this function; there is no need to send ether to it, and the same holds for many other facet functions.

Tools Used

Manual Review

Recommendations

For functions that do not require ether, add a modifier that only executes the function body when msg.value == 0 and does not revert otherwise, so that Pipeline calls are not broken.

    modifier noEther() {
        // Run the function body only when no ether is attached; otherwise skip it without reverting.
        if (msg.value == 0) {
            _;
        }
    }

For example:

- function sunrise() external payable returns (uint256) {
+ function sunrise() external payable returns (uint256) noEther {
return gm(msg.sender, LibTransfer.To.EXTERNAL);
}
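Review bot: the `+` line places `noEther` after the `returns (uint256)` clause, which Solidity rejects; modifiers must come before `returns`, i.e. `function sunrise() external payable noEther returns (uint256) {`. Separately, skipping the body when msg.value != 0 does not prevent the loss described above: the call still succeeds, the caller gets a zero return value, and the attached ether remains in the contract with no recovery path, so the modifier blocks the state change but not the stuck funds.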
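The guard from the recommendation, as an added example that is not Beanstalk's code: a hypothetical facet with the `noEther` modifier placed before `returns` as Solidity requires, next to a refunding variant that keeps the call non-reverting while handing the attached ether straight back instead of leaving it in the contract. `_gm` is a placeholder for the real reward logic.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical facet (added example, not Beanstalk code).
contract ExampleFacet {
    event Sunrise(address indexed caller, uint256 reward);

    // As recommended above: skip the body when ether is attached, without reverting.
    // Caveat: the ether still lands in this contract; only the state change is skipped.
    modifier noEther() {
        if (msg.value == 0) {
            _;
        }
    }

    // Alternative: run the body, then return any attached ether to the caller so
    // nothing accumulates in the diamond. Runs after the body, so state is final
    // before the external call. Reverts only if the caller cannot receive ether.
    modifier refundEther() {
        _;
        if (msg.value > 0) {
            (bool ok, ) = msg.sender.call{value: msg.value}("");
            require(ok, "refund failed");
        }
    }

    // Modifier precedes `returns`; `returns (uint256) noEther` would not compile.
    function sunrise() external payable noEther returns (uint256 reward) {
        reward = _gm(msg.sender);
    }

    function sunriseRefunding() external payable refundEther returns (uint256 reward) {
        reward = _gm(msg.sender);
    }

    // Placeholder standing in for gm(msg.sender, LibTransfer.To.EXTERNAL).
    function _gm(address caller) internal returns (uint256 reward) {
        reward = 1 ether; // constructed value for illustration
        emit Sunrise(caller, reward);
    }
}
```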
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Stuck funds
