The gm function in the SeasonFacet advances Beanstalk to the next season and sends reward Beans to a specified address and balance. However, if the account address is passed as the zero address, for any reason or by mistake, the rewards are lost, especially when the mode is set to To.INTERNAL.
The gm function is called with account set to the zero address and mode set to To.INTERNAL.
The gm function calls the incentivize function.
The incentivize function calls LibTransfer.mintToken with the zero address as the account parameter.
In the sendToken function, when mode == To.INTERNAL, it calls LibBalance.increaseInternalBalance.
The increaseInternalBalance function uses getInternalBalance and setInternalBalance.
If getInternalBalance is called with the zero address as account, it will fetch an incorrect balance.
When setInternalBalance is called with the zero address as account, it will assign the new balance to the zero address, resulting in a loss of rewards.
This issue can lead to the loss of rewards for the specified account when the zero address is unintentionally provided. It is particularly critical when the mode is set to To.INTERNAL, as that mode directly modifies the internal balance associated with the account.
Implement input validation in the gm function to ensure that the account parameter is not the zero address. This can be achieved by adding a require statement at the beginning of the function.
In addition, because these functions belong to a library and will be used widely, it is better to add checks in the relevant functions (getInternalBalance and setInternalBalance) to ensure that the zero address is not used, preventing unexpected behavior.
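The following added example (a simplified model, not Beanstalk's own code) traces the call chain described above and applies both recommended checks. The contract name, storage layout, fixed reward amount and revert strings are assumptions made for illustration; only the function names and the To.INTERNAL mode come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of the call chain in the finding; not Beanstalk's code.
// Storage layout, the fixed reward and the single-token balance are assumptions.
contract SeasonRewardModel {
    enum To { EXTERNAL, INTERNAL }

    // Assumed stand-in for the internal balance storage.
    mapping(address => uint256) private internalBalance;
    // Assumed stand-in for Beans held outside the protocol.
    mapping(address => uint256) public externalBalance;

    uint256 public constant REWARD = 100e6; // constructed value

    function getInternalBalance(address account) public view returns (uint256) {
        return internalBalance[account];
    }

    function setInternalBalance(address account, uint256 newBalance) private {
        // Library-level guard from the second recommendation.
        require(account != address(0), "Balance: zero address");
        internalBalance[account] = newBalance;
    }

    function increaseInternalBalance(address account, uint256 amount) private {
        setInternalBalance(account, getInternalBalance(account) + amount);
    }

    function incentivize(address account, To mode) private returns (uint256) {
        if (mode == To.INTERNAL) {
            increaseInternalBalance(account, REWARD);
        } else {
            externalBalance[account] += REWARD;
        }
        return REWARD;
    }

    // Without the require below, gm(address(0), To.INTERNAL) would credit
    // REWARD to internalBalance[address(0)], where no one can claim it.
    function gm(address account, To mode) external returns (uint256) {
        require(account != address(0), "Season: zero address");
        return incentivize(account, mode);
    }
}
```

With both guards in place, a call with the zero address reverts at the entry point, and any other library caller that reaches setInternalBalance with the zero address reverts there instead of silently crediting an unclaimable balance.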