DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Vulnerability in `BDVFacet.sol`: Lack of Access Control and Input Validation

Summary

The BDVFacet contract lacks proper access control mechanisms for its calculation functions (curveToBDV, beanToBDV, unripeLPToBDV, unripeBeanToBDV, and wellBdv). Additionally, input validation is not adequately enforced in these functions, allowing potential manipulation of calculation results.

Vulnerability Details

  • Unauthorized Access: The calculation functions do not have explicit access control mechanisms, allowing any address to call them. This lack of access control enables unauthorized parties to manipulate inputs or outputs of these functions.

  • Input Validation Bypass: The calculation functions do not sufficiently validate input parameters, leaving them vulnerable to manipulation with unexpected or malicious inputs. Without proper input validation, attackers can provide invalid or malicious inputs to skew calculation results.

Impact

  • Mispricing of Tokens: Manipulation of calculation results can lead to mispricing of tokens within the ecosystem, potentially resulting in financial losses for users.

  • Disruption of Contract Functionality: Manipulation of calculations can disrupt normal contract functionality, causing unexpected behaviors or vulnerabilities that attackers could exploit, potentially resulting in financial losses for users.

Proof of Concept (PoC)

Code
```solidity
contract BDVFacet {
    // Calculation function without access control
    function curveToBDV(uint256 amount) external pure returns (uint256) {
        // Simplified calculation for demonstration
        return amount * 2;
    }

    // Calculation function without proper input validation
    function beanToBDV(uint256 amount) external pure returns (uint256) {
        // No input validation
        return amount * 3;
    }
}

contract Attacker {
    BDVFacet public targetContract;
    address public owner;

    constructor(address _targetContract) {
        targetContract = BDVFacet(_targetContract);
        owner = msg.sender;
    }

    // Attack function to exploit curveToBDV function
    function attackCurveToBDV(uint256 amount) external {
        // Call curveToBDV function without authorization
        uint256 manipulatedResult = targetContract.curveToBDV(amount);
        // Manipulate calculation result (reassign; a second declaration does not compile)
        manipulatedResult = manipulatedResult * 10;
        // Perform malicious action with manipulated result
        // For example, transfer tokens to attacker
        payable(msg.sender).transfer(manipulatedResult);
    }

    // Attack function to exploit beanToBDV function
    function attackBeanToBDV(uint256 amount) external {
        // Call beanToBDV function without authorization
        uint256 manipulatedResult = targetContract.beanToBDV(amount);
        // Manipulate calculation result (reassign; a second declaration does not compile)
        manipulatedResult = manipulatedResult * 5;
        // Perform malicious action with manipulated result
        // For example, transfer tokens to attacker
        payable(msg.sender).transfer(manipulatedResult);
    }
}
```

Tools Used

Manual code review

Recommendations

  • Implement Access Controls: Add modifiers or require statements to enforce access control for calculation functions, ensuring that only authorized users or contracts can call them.

  • Enhance Input Validation: Strengthen input validation mechanisms to ensure that input parameters are within expected ranges and formats, rejecting invalid or suspicious inputs.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Other
Assigned finding tags:

Informational/Invalid
