DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Invalid

[M] SiloFacet lacks EIP 1155 compliance in safeTransferFrom and safeTransferBatchFrom

Summary

In its documentation, Beanstalk lists the token standards it is compatible with:

Tokens:

ERC-20 (all are accepted in Farm balances, a whitelist is accepted on the Deposit Whitelist, etc.)
ERC-1155 (Fertilizer and Deposits are ERC-1155 tokens)

However, the SiloFacet safeTransferFrom and safeTransferBatchFrom functions do not fully comply with the ERC-1155 standard.

Vulnerability Details

ERC-1155 requires a transfer to check whether the recipient is a contract and, if so, call onERC1155Received on it. This check is pivotal for safe token transfers to smart contracts: it prevents tokens from being locked in contracts that do not recognize or cannot handle them. When tokens are transferred to a contract, onERC1155Received lets the receiving contract acknowledge the transfer (by returning the acceptance magic value) or revert the transaction if it is not designed to accept the tokens. This mechanism prevents accidental loss of tokens and ensures that only compatible contracts can receive and manage ERC-1155 tokens. SiloFacet's safeTransferFrom performs no such check.

The same applies to safeTransferBatchFrom. The standard states:

If to refers to a smart contract, it must implement IERC1155Receiver.onERC1155BatchReceived and return the acceptance magic value.

As with safeTransferFrom, safeTransferBatchFrom does not check whether the recipient is a contract and, if so, call onERC1155BatchReceived. This step is crucial for safe interaction with smart contracts, ensuring they can handle the received tokens. Its omission is a deviation from full compliance with the ERC-1155 standard.

https://docs.openzeppelin.com/contracts/3.x/api/token/erc1155#IERC1155Receiver

https://docs.openzeppelin.com/contracts/3.x/api/token/erc1155#IERC1155Receiver-onERC1155Received-address-address-uint256-uint256-bytes-

https://docs.openzeppelin.com/contracts/3.x/api/token/erc1155#ERC1155

https://eips.ethereum.org/EIPS/eip-1155
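The following is an added example, not Beanstalk's or OpenZeppelin's code, showing where the receiver-acceptance checks described above belong. MinimalDeposit1155 is a hypothetical, deliberately simplified ERC-1155-style token (no operator approvals, a public mint for exercising it) and AcceptingReceiver is a hypothetical compliant recipient; the function names follow the standard (safeBatchTransferFrom rather than Beanstalk's safeTransferBatchFrom). The two private _doSafe...AcceptanceCheck functions are the step this report says SiloFacet omits: a recipient with code must both not revert and return its hook's selector.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (hypothetical contracts): ERC-1155 "safe transfer rules" in practice.
interface IERC1155Receiver {
    function onERC1155Received(address operator, address from, uint256 id, uint256 value, bytes calldata data)
        external returns (bytes4);
    function onERC1155BatchReceived(address operator, address from, uint256[] calldata ids, uint256[] calldata values, bytes calldata data)
        external returns (bytes4);
}

contract MinimalDeposit1155 {
    mapping(uint256 => mapping(address => uint256)) private _balances;

    event TransferSingle(address indexed operator, address indexed from, address indexed to, uint256 id, uint256 value);
    event TransferBatch(address indexed operator, address indexed from, address indexed to, uint256[] ids, uint256[] values);

    function balanceOf(address account, uint256 id) external view returns (uint256) {
        return _balances[id][account];
    }

    // Hypothetical unrestricted mint so the example can be exercised in a test.
    function mint(address to, uint256 id, uint256 amount) external {
        _balances[id][to] += amount;
        emit TransferSingle(msg.sender, address(0), to, id, amount);
    }

    // Simplified: only the owner may move its own balance (no operator approvals).
    function safeTransferFrom(address from, address to, uint256 id, uint256 amount, bytes calldata data) external {
        require(from == msg.sender, "not owner");
        require(to != address(0), "transfer to zero address");
        _balances[id][from] -= amount; // reverts on insufficient balance (checked arithmetic)
        _balances[id][to] += amount;
        emit TransferSingle(msg.sender, from, to, id, amount);
        // The check this report says is missing: a contract recipient must accept the tokens.
        _doSafeTransferAcceptanceCheck(msg.sender, from, to, id, amount, data);
    }

    function safeBatchTransferFrom(address from, address to, uint256[] calldata ids, uint256[] calldata amounts, bytes calldata data) external {
        require(from == msg.sender, "not owner");
        require(to != address(0), "transfer to zero address");
        require(ids.length == amounts.length, "length mismatch");
        for (uint256 i = 0; i < ids.length; ++i) {
            _balances[ids[i]][from] -= amounts[i];
            _balances[ids[i]][to] += amounts[i];
        }
        emit TransferBatch(msg.sender, from, to, ids, amounts);
        _doSafeBatchTransferAcceptanceCheck(msg.sender, from, to, ids, amounts, data);
    }

    function _doSafeTransferAcceptanceCheck(address operator, address from, address to, uint256 id, uint256 amount, bytes calldata data) private {
        // Externally owned accounts have no code and cannot run a hook; only contracts are asked.
        if (to.code.length > 0) {
            try IERC1155Receiver(to).onERC1155Received(operator, from, id, amount, data) returns (bytes4 response) {
                // "Did not revert" is not enough: the magic value (the hook's selector) must come back.
                require(response == IERC1155Receiver.onERC1155Received.selector, "ERC1155: rejected tokens");
            } catch {
                // Recipient reverted or does not implement the hook: undo the whole transfer.
                revert("ERC1155: transfer to non-ERC1155Receiver implementer");
            }
        }
    }

    function _doSafeBatchTransferAcceptanceCheck(address operator, address from, address to, uint256[] calldata ids, uint256[] calldata amounts, bytes calldata data) private {
        if (to.code.length > 0) {
            try IERC1155Receiver(to).onERC1155BatchReceived(operator, from, ids, amounts, data) returns (bytes4 response) {
                require(response == IERC1155Receiver.onERC1155BatchReceived.selector, "ERC1155: rejected tokens");
            } catch {
                revert("ERC1155: transfer to non-ERC1155Receiver implementer");
            }
        }
    }
}

// A hypothetical compliant recipient: it records what it received and returns the magic values.
contract AcceptingReceiver is IERC1155Receiver {
    uint256 public totalReceived;

    function onERC1155Received(address, address, uint256, uint256 value, bytes calldata) external override returns (bytes4) {
        totalReceived += value;
        return this.onERC1155Received.selector;
    }

    function onERC1155BatchReceived(address, address, uint256[] calldata, uint256[] calldata values, bytes calldata) external override returns (bytes4) {
        for (uint256 i = 0; i < values.length; ++i) totalReceived += values[i];
        return this.onERC1155BatchReceived.selector;
    }
}
```

Deploying the token and an AcceptingReceiver, then calling safeTransferFrom to the receiver, succeeds and increments totalReceived; the same transfer to any contract without the hook (for example an ordinary ERC-20 token contract) reverts with the "non-ERC1155Receiver implementer" reason instead of stranding the balance there, which is exactly the loss scenario the vulnerability details describe.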

Impact

Non-compliance with the ERC-1155 safe transfer rules: Deposits transferred to a contract that cannot handle them are not rejected and may be left stuck there.

Tools Used

Manual Review

Recommendations

Implement the onERC1155Received and onERC1155BatchReceived acceptance checks described in the links above, paying close attention to the standard's Safe Transfer Rules.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Invalid
