DeFi, Hardhat, Oracle, Proxy, Updates
100,000 USDC
Submission Details
Severity: low
Invalid

Blocking of switchUnderlyingToken Function by Malicious Actors

Summary

The switchUnderlyingToken function is intended to change the underlying ripe token associated with an unripe token. A prerequisite for this operation is that the balanceOfUnderlying for the unripe token must be zero.

    function switchUnderlyingToken(
        address unripeToken,
        address newUnderlyingToken
    ) external payable {
        LibDiamond.enforceIsContractOwner();
        require(s.u[unripeToken].balanceOfUnderlying == 0, "Unripe: Underlying balance > 0");
        LibUnripe.switchUnderlyingToken(unripeToken, newUnderlyingToken);
    }

Vulnerability Details

Malicious actors could exploit this by holding a minimal amount of unripe tokens and refusing to use the chop function, thereby maintaining a non-zero balanceOfUnderlying and preventing the switch of the underlying token.

Impact

This could lead to the contract owner being unable to switch the underlying token when necessary, potentially causing operational issues or financial loss.

Tools Used

Manual review

Recommendations

  1. Implement a time-bound function that allows the contract owner to override the zero balance requirement after a certain period.

  2. Introduce a mechanism for compulsory conversion of the last remaining unripe tokens.

  3. Consider a governance vote or multi-sig approval process for switching underlying tokens to prevent unilateral control.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid
