Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

[M-3] Incorrect Interpretation of Gauge Points Decrement

Zealynx

Summary

The defaultGaugePointFunction incorrectly interprets the conditions under which gauge points should be decremented, especially when optimalPercentDepositedBdv is 0. This results in an unintended decrement of points to 0 in situations where there should be no change.

Impact

This vulnerability compromises the integrity of the contract's incentive mechanisms, discouraging participation by unfairly penalizing users through the reduction of their gauge points without a behavior-based justification.

Proof of Concept

The flaw was evidenced in the testGaugePointsDecrementFuzzing test, which attempted to validate the correct decrement of points under specific conditions, resulting in newGaugePoints = 0 instead of the expected decrement of currentGaugePoints by ONE_POINT.

function testGaugePointsDecrementFuzzing(

uint256 currentGaugePoints,

uint256 optimalPercentDepositedBdv

) public {

uint256 percentOfDepositedBdv = ((optimalPercentDepositedBdv * UPPER_THRESHOLD) / THRESHOLD_PRECISION);

currentGaugePoints = bound(currentGaugePoints, ONE_POINT, MAX_GAUGE_POINTS);

optimalPercentDepositedBdv = bound(optimalPercentDepositedBdv, 0, 100);

uint256 newGaugePoints = gaugePointFacet.defaultGaugePointFunction(

currentGaugePoints,

optimalPercentDepositedBdv,

percentOfDepositedBdv

);

uint256 expectedGaugePoints = currentGaugePoints > ONE_POINT ? currentGaugePoints - ONE_POINT : 0;

assertEq(newGaugePoints, expectedGaugePoints, "Gauge points should decrement correctly");

}

Recommendations

Logic Revision and Correction: Review and adjust the function's logic to correctly interpret and apply decrement conditions. This includes ensuring the function properly handles edge cases and extreme values without unintended consequences. To prevent the issue of gauge points decrementing to 0 when not expected, the function's conditions for decrementing should be clarified and strictly enforced, as follows:

if (currentGaugePoints > ONE_POINT && percentOfDepositedBdv > optimalPercentDepositedBdv.mul(UPPER_THRESHOLD).div(THRESHOLD_PRECISION)) {

return currentGaugePoints.sub(ONE_POINT);

} else if (percentOfDepositedBdv < optimalPercentDepositedBdv.mul(LOWER_THRESHOLD).div(THRESHOLD_PRECISION)) {

// Increment logic here

} else {

return currentGaugePoints;

}

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.