Summary

When calculating the SOP, the price of ETH/USD is fetched from the Chainlink oracle through the calculateSop function.

This is done before the calculation and distribution of rewards in the swapFrom function.

The CHAINLINK_TIMEOUT constant within LibChainlinkOracle is set to 14400 seconds (4 hours), indicating Beanstalk's tolerance for the age of price data. This setup allows for the use of inaccurate price data in reward calculations due to the mismatch between the hardcoded timeout value and the actual update frequency of the Chainlink feed, which is approximately every hour.

https://data.chain.link/feeds/ethereum/mainnet/eth-usd

Vulnerability Details

The core issue stems from the CHAINLINK_TIMEOUT value being significantly longer than the Chainlink ETH/USD
price feed's update frequency. This discrepancy means that during periods of significant market volatility,
the protocol may rely on outdated price information for computing rewards, leading to inaccuracies that could
skew the Beanstalk's economics and participant rewards.

Moreover, the fallback strategy to utilize Uniswap V3 oracle price data does not fully insulate against this vulnerability due to its susceptibility to
momentary price manipulation from MEV bots, particularly during volatile market conditions. Thus then when the oracleprice different returned from Uniswap is more than 1%, Chainlink is defaulted to. This reliance reduces the efficacy of measures intended to mitigate the risks posed by the hardcoded timeout value.

Given the CHAINLINK_TIMEOUT of 4 hours, the protocol considers any price data fetched within this window as valid. However, because the actual Chainlink feed might update more frequently (approximately every hour), using a 4-hour timeout could lead to decision-making based on outdated information.

In a volatile market, the price of ETH/USD could significantly deviate within hours, impacting the accurate
calculation of rewards.

Impact

When the process halts at if (newBeans == 0) return;, then:

No new beans would be minted, and subsequently, no swap operation for sopTokens (WETH) would occur. This means no sopTokens would be distributed as part of this SOP operation, despite potentially existing market conditions that would justify such distribution under accurate and timely price information.

Users might receive more or fewer rewards than they should based on the current market value of ETH, leading to potential imbalances in Beanstalk. This misalignment could lead to an unjust distribution of rewards, potentially disadvantaging some participants while unduly benefiting others,

Tools Used

Manual Review

Recommendations

Adjust the timeout value to align with the actual update frequency of the Chainlink ETH/USD price feed, ensuring that the protocol uses the most recent price data for reward calculations. You could also dynamically change the timeout value to align with the Chainlink feed's update frequency.