DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Invalid

Protocol makes use of wrapped counterparts oracles for pricing

Summary

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/C.sol#L72

address internal constant UNIV3_ETH_USDC_POOL = 0x88e6A0c2dDD26FEEb64F039a2c41296FcB3f5640; // 0.05% pool

The above is used while querying prices for the ETH token, but it is actually the WETH pool address, and the pair is quoted against the USDC token. Whereas the former (WETH) might be a bit harder to depeg, the latter (USDC) has depegged multiple times.

Impact

This means that whenever there is a depeg, the price returned is going to be flawed, or the pricing logic might not even be accessible. This is because the protocol mixes queries of both Chainlink and Uniswap to confirm that the prices are within the greediness tolerance, leading all attempts to query prices in this case (https://github.com/Cyfrin/2024-02-Beanstalk-1/blob/a3658861af8f5126224718af494d02352fbb3ea5/protocol/contracts/libraries/Oracle/LibUniswapOracle.sol#L32) to revert after the value has been passed to the main contract to verify the greediness check when fetching the manipulation-resistant ETH/USD price.
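The following is an added model of the failure mode described above (not code from the report or from Beanstalk): a Chainlink ETH/USD price is cross-checked against a WETH/USDC pool quote, and a USDC depeg pushes the two apart until the check fails. The tolerance, the 3000 USD price and the pool quotes are constructed assumptions; the optional normalisation through a USDC/USD rate is likewise an assumed alternative, not the protocol's own logic.

```python
"""Models the two-source ETH/USD price check and its behaviour under a USDC depeg."""
from typing import Optional

# Assumed deviation tolerance in basis points; the protocol's real threshold
# is not stated on this page.
MAX_DEVIATION_BPS = 100

# Constructed scenario: Chainlink reports ETH at 3000 USD.
CHAINLINK_ETH_USD = 3000.0


class OracleUnavailable(Exception):
    """Stands in for the revert the report describes."""


def deviation_bps(observed: float, reference: float) -> int:
    """Absolute deviation of `observed` from `reference`, in basis points."""
    return int(abs(observed - reference) * 10_000 / reference)


def weth_usdc_pool_price(usdc_usd: float) -> float:
    """Constructed WETH/USDC pool quote (USDC per WETH) for a given USDC/USD rate.
    When USDC trades below 1 USD, one WETH buys more USDC, so the quote rises."""
    return CHAINLINK_ETH_USD / usdc_usd


def check_eth_usd(pool_usdc_per_weth: float, usdc_usd: Optional[float] = None) -> float:
    """Cross-check the Chainlink USD price against the pool's USDC-denominated quote.

    With usdc_usd=None the USDC quote is compared to the USD price directly, as the
    report says the protocol does. Passing a USDC/USD rate (assumed alternative)
    converts the pool quote to USD before comparing.
    """
    pool_eth_usd = pool_usdc_per_weth * (usdc_usd if usdc_usd is not None else 1.0)
    if deviation_bps(pool_eth_usd, CHAINLINK_ETH_USD) > MAX_DEVIATION_BPS:
        raise OracleUnavailable("Chainlink and Uniswap prices disagree")
    return CHAINLINK_ETH_USD


def query_eth_usd(usdc_usd: float, normalise: bool = False) -> Optional[float]:
    """Run the check for a USDC/USD rate; None models the price being inaccessible."""
    pool_quote = weth_usdc_pool_price(usdc_usd)
    try:
        return check_eth_usd(pool_quote, usdc_usd if normalise else None)
    except OracleUnavailable:
        return None


if __name__ == "__main__":
    for rate in (1.0, 0.99, 0.90):  # peg, 1% depeg, 10% depeg
        print(rate, query_eth_usd(rate), query_eth_usd(rate, normalise=True))
```

Even a 1% depeg exceeds the assumed 100 bps tolerance in the direct comparison, while the normalised check keeps returning the Chainlink price.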

Tools Used

Recommendations

Consider using a more reliable source of pricing as a secondary/fallback oracle, e.g. Tellor.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid
