Beanstalk: Dive Into Basin

Beanstalk

DeFiHardhat

12,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Reserve Manipulation Within Cap Limits in the update function

lordofterra

Summary

The MultiFlowPump contract employs a cap mechanism controlled by LOG_MAX_INCREASE and LOG_MAX_DECREASE parameters to limit the rate of reserve value changes per block. However, an attacker could potentially exploit this mechanism by making small, calculated changes to the reserves that stay within these limits, allowing for incremental manipulation over time.

Vulnerability Details

The vulnerability arises from the cap logic's design to prevent extreme fluctuations in reserves or prices by limiting the maximum percentage increase or decrease in a single block. However, if the cap limits are set to allow small changes, an attacker could exploit this by making trades that move the price just within the cap limits, thereby avoiding triggering any cap logic that would prevent the update.

Cap Mechanism
The cap mechanism works by calculating the cap limits based on the time elapsed since the last update. The cap limits are adjusted to ensure that the price changes are not too extreme, which could be indicative of manipulation. The cap limits are set using parameters such as LOG_MAX_INCREASE and LOG_MAX_DECREASE, which represent the maximum percentage increase or decrease allowed in a single block.

Exploitation
An attacker could exploit this vulnerability by making small, gradual changes to the price or reserve values, each within the cap limits. Over time, these small changes could accumulate and significantly affect the recorded prices or reserves, potentially leading to inaccurate or misleading information.

Impact

If successfully executed, this strategy could lead to manipulated Exponential Moving Average (EMA) and Cumulative Geometric Simple Moving Average (SMA) values, affecting any dependent price oracles or financial instruments. This could result in distorted market behavior, unfair advantages, and potential financial losses for other market participants.

Tools Used

manual review

Recommendations

Introduce a minimum time interval between updates or allow only one update per block to prevent rapid manipulation
Consider adding a governance mechanism to adjust LOG_MAX_INCREASE and LOG_MAX_DECREASE dynamically in response to changing market conditions.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Assigned finding tags:

Informational/Invalid

Prize pool breakdown

Total prize

12,000 USDC

nSLOC

479

25 USDC / LOC

High Medium

10,000 USDC

Low

1,000 USDC

Judges

1,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.