DeFi, Hardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Lack of Proper Access Control in mintFertilizer Function

Summary

The mintFertilizer function is intended to be callable by anyone, but internally it calls the beanstalkMint function, which has onlyOwner access control. This discrepancy in access control will cause the mintFertilizer function to fail when called by anyone other than the owner.

    function beanstalkMint(address account, uint256 id, uint128 amount, uint128 bpf) external onlyOwner {
        if (_balances[id][account].amount > 0) {
            uint256[] memory ids = new uint256[](1);
            ids[0] = id;
            _update(account, ids, bpf);
        }
        _balances[id][account].lastBpf = bpf;
        _safeMint(
            account,
            id,
            amount,
            bytes('0')
        );
    }

Impact

The lack of proper access control in the mintFertilizer function prevents non-owner accounts from successfully calling the function, leading to restricted functionality and potential user frustration. This can hinder the intended use of the contract and limit participation.

Tools Used

Manual review

Recommendations

Review the access control logic in the beanstalkMint function and ensure that it aligns with the intended functionality of the mintFertilizer function. Consider modifying the access control mechanism to allow the mintFertilizer function to be called by anyone as intended. This can involve removing the onlyOwner modifier from the beanstalkMint function or implementing a different access control mechanism that accommodates the intended behavior of mintFertilizer.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

scoolj Submitter
over 1 year ago
