Summary
The InitMigrateUnripeBeanEthToBeanSteth.init()
has no access control mechanism which allows it to be called by any arbitrary user.
Vulnerability Details
function init() external {
delete s.wellOracleSnapshots[C.BEAN_ETH_WELL];
s.season.beanEthStartMintingSeason = s.season.current + BEAN_ETH_PUMP_CATCH_UP_SEASONS;
LibWhitelist.whitelistToken(
C.BEAN_WSTETH_WELL,
BDVFacet.wellBdv.selector,
STALK_ISSUED_PER_BDV,
0,
0x01,
IGaugePointFacet.defaultGaugePointFunction.selector,
ILiquidityWeightFacet.maxWeight.selector,
BEAN_WSTETH_INITIAL_GAUGE_POINTS,
OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibWhitelist.updateOptimalPercentDepositedBdvForToken(
C.BEAN_ETH_WELL,
MAX_PERCENT_DEPOSITED_BDV - OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibFertilizer.beginBarnRaiseMigration(C.BEAN_WSTETH_WELL);
}
According to Natspec this function:
* Initializes the Migration of the Unripe LP underlying tokens from Bean:Eth to Bean:Steth.
* It:
* - Turns off Bean:Eth Minting while Multi Flow Pump catches up
* - Whitelists Bean:WstETH
* - Updates the optimal percent deposited for Bean:Eth
* - Migrates the Unripe LP underlying tokens from Bean:Eth to Bean:Wsteth
*/
Impact
Without access control, the init()
function can be called by any external account or contract, potentially leading to unauthorized initialization
Tools Used
Manual Review
Recommendations
Use access control modifiers such as onlyOwner, onlyAdmin
, or custom modifiers to restrict access to privileged functions like init()
.
Only designated accounts or contracts should have permission to call these functions.