Beanstalk: Dive Into Basin
Beanstalk
DeFiHardhat
12,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Mocking provider reentrancy

ixidor

Summary

Reentrancy in MockReserveWell.sol function update(address,uint256[],bytes)

Vulnerability Details

A pump is an interface to support/operationalize Multi Flow - MultiFlowPump.sol.

In order to simulate/test Well reserves and the functioning of Multi Flow, a mocking mechanism is necessary. These are provided with a number of mocks.

The tests make use of these mocks. The object of concern is: MockReserveWell.sol

Tests for Multi Flow pumps are located in test/pumps/:

test/pumps/
├── Pump.CapReserve.t.sol
├── Pump.Fuzz.t.sol
├── PumpHelpers.sol
├── Pump.Helpers.t.sol
├── Pump.Longevity.t.sol
├── Pump.NotInitialized.t.sol
├── Pump.TimeWeightedAverage.t.sol
├── Pump.Update.t.sol
└── simulate.py

The mocking mechanism of interest is provided by: mocks/wells/MockReserveWell.sol

This mock is used by Pump.Update.t.sol which instantiates a MockReserveWell to proceed with testing.

Impact

Severity: Low

Contract: MockReserveWell

Both MultiFlowPump and MockReserveWell implement IPump interface.

Function name: update(address,uint256[],bytes)

SigHash: 9e67eb4a

Tools Used

  • High level UML

  • Manual code analysis

  • Mythril

Recommendations

Consider that no state modifications are executed after this call by applying a form of reentrancy guard.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.