Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`updateStalkPerBdvPerSeasonForToken` has potential underflow when updating the `deltaStalkEarnedPerSeason` variable

0xbeastboy

Summary

The issue in the LibWhitelist:updateStalkPerBdvPerSeasonForToken function is a potential underflow when updating the deltaStalkEarnedPerSeason variable. This occurs when the new stalkEarnedPerSeason value is smaller than the current one, leading to a negative value when calculating the difference between the two.

Vulnerability Details

See the following function:

function updateStalkPerBdvPerSeasonForToken(

address token,

uint32 stalkEarnedPerSeason

) internal {

AppStorage storage s = LibAppStorage.diamondStorage();

require(s.ss[token].milestoneSeason != 0, "Token not whitelisted");

// beanstalk requires a min. stalkEarnedPerSeason of 1.

if (stalkEarnedPerSeason == 0) stalkEarnedPerSeason = 1;

// update milestone stem and season.

s.ss[token].milestoneStem = LibTokenSilo.stemTipForToken(token);

s.ss[token].milestoneSeason = s.season.current;

// stalkEarnedPerSeason is set to int32 before casting down.

s.ss[token].deltaStalkEarnedPerSeason = int24(int32(stalkEarnedPerSeason) - int32(s.ss[token].stalkEarnedPerSeason)); // calculate delta

s.ss[token].stalkEarnedPerSeason = stalkEarnedPerSeason;

emit UpdatedStalkPerBdvPerSeason(token, stalkEarnedPerSeason, s.season.current);

}

Impact

If the new stalkEarnedPerSeason value is smaller than the current one, the subtraction operation can result in a negative value. Solidity does not throw an error on underflow, but it wraps around to the maximum positive value for the data type, potentially causing unexpected behavior or incorrect calculations. Which will result in inaccurate tracking of stalk earned per season or incorrect decision-making based on this data.

Tools Used

Manual Review

Recommendations

To address this issue, you can add a validation to ensure that the new stalkEarnedPerSeason value is greater than or equal to the current one before updating the deltaStalkEarnedPerSeason variable. This validation prevents underflow by ensuring that the subtraction operation will not result in a negative value.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Informational/Invalid

0xbeastboy Submitter

over 1 year ago

giovannidisiena Lead Judge

over 1 year ago

0xbeastboy Submitter

over 1 year ago

giovannidisiena Lead Judge

over 1 year ago

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Informational/Invalid

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.