Oracle::stepOracle lacks return statement which leads to downstream errors
Summary
https://github.com/Cyfrin/2024-04-beanstalk-2/blob/27ff8c87c9164c1fbff054be5f22e56f86cdf127/protocol/contracts/beanstalk/sun/SeasonFacet/Oracle.sol#L23C5-L30C2
Oracle::stepOracle lacks return statement which leads to downstream errors. Contracts like seasonFacet, sun and weather call make calls to the stepOracle function. The problem is that the stepOracle function lacks return statement and therefore it will return 0 or erroneous results.
Vulnerability Details
https://github.com/Cyfrin/2024-04-beanstalk-2/blob/27ff8c87c9164c1fbff054be5f22e56f86cdf127/protocol/contracts/beanstalk/sun/SeasonFacet/Oracle.sol#L23C5-L30C2.
function stepOracle() internal returns (int256 deltaB) { address[] memory tokens = LibWhitelistedTokens.getWhitelistedWellLpTokens(); for (uint256 i = 0; i < tokens.length; i++) { deltaB = deltaB.add(LibWellMinting.capture(tokens[i])); } s.season.timestamp = block.timestamp; } }
The code lacks return statement and that means calling functions will receive incorrect data.
Impact
function calls to the oracle will lead to erroneous returns or incorrect data.
Tools Used
Manual Review
Recommendations
add return deltaB to end of the current code implementation
Lead Judging Commences
Informational/Invalid
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.