DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Access Control Vulnerability in `InitMigrateUnripeBeanEthToBeanSteth.sol` Contract

Summary

The InitMigrateUnripeBeanEthToBeanSteth.sol contract lacks proper access control mechanisms, allowing unauthorized users to call critical functions and manipulate sensitive states.

Vulnerability Details

The vulnerability arises from the absence of access control checks in the init() function of the contract. This function is marked as external and performs several critical operations related to turning off Bean:Eth minting, whitelisting Bean:WstETH, updating optimal percent deposited for Bean:Eth, and initiating the migration process. However, it does not include any checks to ensure that only authorized addresses or contracts can call it.

Impact

  • Unauthorized users can call the init() function and manipulate critical states, potentially leading to loss of tokens, disruption of the migration process, or unintended outcomes.

  • Lack of access control increases the attack surface and exposes the contract to unauthorized access and manipulation, compromising its security and integrity.

Tools Used

Manual code review

Recommendations

```solidity
address private admin; // Admin address checked by onlyAdmin

constructor() {
    admin = msg.sender; // Set contract deployer as admin
}

modifier onlyAdmin() {
    require(msg.sender == admin, "Only admin can call this function");
    _;
}

function init() external onlyAdmin {
    // Function logic restricted to admin
    // Turn off Bean:Eth Minting while Multi Flow Pump catches up
    delete s.wellOracleSnapshots[C.BEAN_ETH_WELL];
    s.season.beanEthStartMintingSeason = s.season.current + BEAN_ETH_PUMP_CATCH_UP_SEASONS;

    // Additional logic...
}
```

  • Implement access control mechanisms to restrict access to the init() function to only authorized addresses or contracts.

  • Use modifiers or require statements within the init() function to validate the caller's authorization before executing critical operations.

  • Consider implementing a multi-signature scheme or other forms of permissioned access for critical actions to require approval from multiple authorized parties before changes are made.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Init access control
