Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Potential for Price Manipulation Due to Predictable Season Lengths

lordofterra

Summary

The gm function in the SeasonFacet contract advances the protocol to the next season based on a fixed and predictable season length. This predictability can be exploited by traders to engage in arbitrage, potentially leading to price manipulation of the Bean asset.

function gm(address account, LibTransfer.To mode) public payable returns (uint256) {

uint256 initialGasLeft = gasleft();

require(!s.paused, "Season: Paused.");

require(seasonTime() > s.season.current, "Season: Still current Season.");

uint32 season = stepSeason();

int256 deltaB = stepOracle();

uint256 caseId = calcCaseIdandUpdate(deltaB);

LibGerminate.endTotalGermination(season, LibWhitelistedTokens.getWhitelistedTokens());

LibGauge.stepGauge();

stepSun(deltaB, caseId);

return incentivize(account, initialGasLeft, mode);

}

Vulnerability Details

The function gm allows users to trigger a new season once the current season has concluded, as determined by the seasonTime() function. Since the season's end is predictable, traders could prepare strategies to buy or sell large quantities of Beans or related assets just before a season ends, and then reverse these trades immediately after the new season begins, exploiting the price discrepancies that may arise due to the change in season.

Impact

If not addressed, the issue could lead to systematic price manipulation, which may result in unfair trading advantages, loss of trust in the protocol's price stability, and potential harm to the protocol's reputation and long-term viability. It is recommended to address this issue to ensure a fair and robust economic

Tools Used

Manual review

Recommendations

Randomize the exact time of season transitions within a certain range to make it less predictable.
Introduce a threshold mechanism that requires additional conditions to be met before a season can transition.
Employ an algorithmic approach to adjust the season length based on on-chain activity to prevent traders from being able to predict season changes accurately.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Informational/Invalid

Predictable Seasons

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.