The SeasonFacet contract exposes the sunrise function, which advances Beanstalk to the next Season and rewards the caller with beans. This implementation is vulnerable to front-running of the reward mechanism: an attacker can consistently front-run legitimate callers and claim the rewards for themselves, leaving the legitimate callers with a reverted transaction and no reward.
It undermines the fairness of the reward distribution system. It allows an attacker to monopolize the rewards meant for legitimate users, leading to dissatisfaction among users who may lose gas fees without receiving the expected rewards.
1. Bob calls the sunrise function to advance Beanstalk to the next Season and receive the reward.
2. Before Bob's transaction is processed, Alice front-runs it and calls the sunrise function herself.
3. Alice successfully advances Beanstalk to the next Season and receives the reward meant for Bob.
4. Bob's transaction is reverted, because the Season has already been advanced, causing him to lose gas fees and miss out on the reward.

This scenario shows how an attacker like Alice can exploit the front-running vulnerability to consistently claim rewards meant for other users, leading to unfairness and dissatisfaction among legitimate users.
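The on-chain footprint of the scenario above is a successful sunrise call followed, in the same block, by one or more reverted sunrise calls from other addresses. The following script is an added monitoring example, not code from the finding or from Beanstalk: it runs that check over a constructed sample of decoded sunrise calls (block number, position in the block, caller, success flag) and flags an address that wins an outsized share of the contested blocks. The record format, the sample addresses and the 75% / three-block thresholds are assumptions for illustration, not Beanstalk data or parameters.

```python
"""Detection heuristic for the sunrise front-running pattern.

Constructed sample data (not real Beanstalk transactions): each record is one
call to sunrise() as it would look after decoding a block's transactions, with
the tx's index inside the block and whether it succeeded or reverted.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SunriseCall:
    block: int
    tx_index: int
    caller: str
    success: bool


# Constructed sample: "alice" lands first in every contested block, "bob"
# (and once "dave") revert behind her; block 101 is an uncontested Season.
SAMPLE_CALLS = [
    SunriseCall(100, 0, "alice", True),
    SunriseCall(100, 1, "bob", False),
    SunriseCall(101, 3, "carol", True),
    SunriseCall(102, 0, "alice", True),
    SunriseCall(102, 1, "bob", False),
    SunriseCall(102, 2, "dave", False),
    SunriseCall(103, 5, "alice", True),
    SunriseCall(103, 6, "bob", False),
]


def frontrun_candidates(calls):
    """Return (block, winner, [losers]) for every block in which exactly one
    sunrise succeeded and at least one other caller's sunrise reverted later in
    the same block. Winner-before-losers ordering is the signature of the race."""
    by_block = defaultdict(list)
    for c in calls:
        by_block[c.block].append(c)
    out = []
    for block, group in sorted(by_block.items()):
        group.sort(key=lambda c: c.tx_index)
        winners = [c for c in group if c.success]
        if len(winners) != 1:
            continue  # nothing to attribute without a single winner
        w = winners[0]
        losers = [c.caller for c in group if not c.success and c.tx_index > w.tx_index]
        if losers:
            out.append((block, w.caller, losers))
    return out


def winner_concentration(calls):
    """Share of contested blocks won by each caller. One address dominating the
    contested blocks is the statistical signature of consistent front-running."""
    contested = frontrun_candidates(calls)
    counts = Counter(winner for _, winner, _ in contested)
    total = len(contested)
    return {addr: n / total for addr, n in counts.items()} if total else {}


def flag_dominant_winner(calls, threshold=0.75, min_contested=3):
    """Return the address winning at least `threshold` of contested blocks, or
    None when there are too few contested blocks or nobody dominates. The
    thresholds are assumed values for this example, not protocol parameters."""
    contested = frontrun_candidates(calls)
    if len(contested) < min_contested:
        return None
    for addr, share in winner_concentration(calls).items():
        if share >= threshold:
            return addr
    return None


if __name__ == "__main__":
    for block, winner, losers in frontrun_candidates(SAMPLE_CALLS):
        print(f"block {block}: {winner} succeeded ahead of reverted {losers}")
    print("dominant winner:", flag_dominant_winner(SAMPLE_CALLS))
```

On the constructed sample the script reports blocks 100, 102 and 103 as contested with "alice" winning each, and flags "alice" as the dominant winner; the `min_contested` floor keeps a single coincidental collision from raising an alert.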
Implement a front-running mitigation mechanism to ensure fair reward distribution and prevent unauthorized claiming of rewards.