DeFi Hardhat Oracle Proxy Updates
100,000 USDC
Submission Details
Severity: low
Invalid

Overwriting of Oracle Snapshots in initializeOracle

Vulnerability Details

The initializeOracle function does not include a check to determine if the Oracle has already been initialized for the given Well. If this function is called multiple times for the same Well, it will overwrite the existing snapshot in the wellOracleSnapshots mapping with the latest data obtained from the ICumulativePump contract. Here's the relevant code snippet:

    try ICumulativePump(C.BEANSTALK_PUMP).readCumulativeReserves(
        well,
        C.BYTES_ZERO
    ) returns (bytes memory lastSnapshot) {
        s.wellOracleSnapshots[well] = lastSnapshot;
        emit WellOracle(s.season.current, well, 0, lastSnapshot);
    } catch {
        emit WellOracle(s.season.current, well, 0, new bytes(0));
    }

Impact

Repeated calls to initializeOracle for the same Well could result in the loss of historical oracle data, which may be critical for auditing, troubleshooting, or system analysis. The overwriting of snapshots could also disrupt the integrity of the oracle data, potentially leading to incorrect calculations of deltaB and other dependent metrics.

Tools Used

Manual review

Recommendations

  1. Restrict the execution of initializeOracle to authorized roles or smart contract functions to prevent unauthorized or accidental overwrites.

  2. Consider implementing a mechanism to preserve historical snapshots, such as versioning or archiving, before overwriting them with new data.
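
The two recommendations above, sketched as an added example that is not part of the submission or of the audited project's code: an initialize-once guard with a restricted caller, plus an archive of earlier snapshots. The contract name, owner model, events, errors, `oracleInitialized`, `snapshotHistory` and `resetOracle` are assumptions for illustration; only the pump call and `wellOracleSnapshots` come from the snippet, and passing empty bytes as the `data` argument is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
// Interface shape assumed from the call in the snippet above.
interface ICumulativePump {
    function readCumulativeReserves(address well, bytes memory data)
        external view returns (bytes memory);
}

// Hypothetical stand-alone contract; not the audited code base.
contract GuardedOracleInit {
    address public immutable owner;
    ICumulativePump public immutable pump;
    mapping(address => bytes) public wellOracleSnapshots;
    mapping(address => bool) public oracleInitialized;
    // Recommendation 2: earlier snapshots are archived, never discarded.
    mapping(address => bytes[]) public snapshotHistory;

    event WellOracleInitialized(address indexed well, bytes snapshot);
    event WellOracleReset(address indexed well, uint256 archivedIndex, bytes snapshot);
    error NotAuthorized();
    error AlreadyInitialized(address well);

    constructor(ICumulativePump _pump) {
        owner = msg.sender;
        pump = _pump;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotAuthorized();
        _;
    }

    // Recommendation 1: restricted caller; a second call for the same well reverts.
    // A pump revert propagates, so the well is not marked initialized on failure.
    function initializeOracle(address well) external onlyOwner {
        if (oracleInitialized[well]) revert AlreadyInitialized(well);
        bytes memory snapshot = pump.readCumulativeReserves(well, "");
        oracleInitialized[well] = true;
        wellOracleSnapshots[well] = snapshot;
        emit WellOracleInitialized(well, snapshot);
    }

    // A deliberate re-initialization archives the current snapshot before replacing it.
    function resetOracle(address well) external onlyOwner {
        snapshotHistory[well].push(wellOracleSnapshots[well]);
        bytes memory snapshot = pump.readCumulativeReserves(well, "");
        wellOracleSnapshots[well] = snapshot;
        emit WellOracleReset(well, snapshotHistory[well].length - 1, snapshot);
    }
}
```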

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid
