Beanstalk Part 1
Beanstalk
DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`Sun::stepSun` should supply soil when `deltaB >=0` not `delta > 0`

rustguy

Vulnerability Details

The doc describes that Sun::stepSun should decrease the soil supply logarithmically when deltaB >= 0 but the contract only decreases the supply soil when delta > 0 which means when deltaB is equal to 0 it is not decreasing the soil logarithmically as described.

Doc Reference

When P ≥ 1 (i.e., deltaB ≥ 0), the Soil supply decreases logarithmically at the beginning of each block in the Morning. When P < 1 (i.e., deltaB < 0), Beanstalk sets the Soil supply to deltaB. See the Soil Supply section.

Vulnerable code:

function stepSun(int256 deltaB, uint256 caseId) internal {
// Above peg
@> if (deltaB > 0) {
uint256 newHarvestable = rewardBeans(uint256(deltaB));
// @note sending the deltaB directly.
setSoilAbovePeg(newHarvestable, caseId);
s.season.abovePeg = true;
// @note if deltaB > 0 then it is going above the peg
// @note not follwoing the paper: https://docs.bean.money/almanac/farm/field#soil
}
// Below peg
else {
setSoil(uint256(-deltaB));
s.season.abovePeg = false;
}
}

Impact

  1. Soil supply should decrease as the deltaB reaches 0 to maintain the peg of the stable coin.

  2. Contract fails to deliver promised return.

Tools Used

Manual Review

Recommendations

Change the following code:

function stepSun(int256 deltaB, uint256 caseId) internal {
// Above peg
- if (deltaB > 0) {
+ if (deltaB >= 0) {
uint256 newHarvestable = rewardBeans(uint256(deltaB));
// @note sending the deltaB directly.
setSoilAbovePeg(newHarvestable, caseId);
s.season.abovePeg = true;
// @note if deltaB > 0 then it is going above the peg
// @note not follwoing the paper: https://docs.bean.money/almanac/farm/field#soil
}
// Below peg
else {
setSoil(uint256(-deltaB));
s.season.abovePeg = false;
}
}
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

Soil zero deltaB

rustguy Submitter
about 1 year ago
giovannidisiena Lead Judge
about 1 year ago
giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

Soil zero deltaB

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.