Submission Details
Severity:
The function `InitMigrateUnripeBeanEthToBeanSteth :: init` has no access contol
Summary
can not mint bean : eth
Vulnerability Details
a malicious user can turn off the Bean:Eth Minting for ever by calling this function init anytime they want.
Impact
urns off Bean:Eth Minting
Tools Used
Recommendations
add an only owner modifier
+ address public owner;
+ constructor() {
+ owner = msg.sender;
+ }
+ modifier onlyOwner() {
+ require(msg.sender == owner, "Caller is not the owner");
+ _; // Continue executing the function
+ }
- function init() external {
+ function init() external onlyOwner {
// Turn off Bean:Eth Minting while Multi Flow Pump catches up
delete s.wellOracleSnapshots[C.BEAN_ETH_WELL];
s.season.beanEthStartMintingSeason = s.season.current + BEAN_ETH_PUMP_CATCH_UP_SEASONS;
LibWhitelist.whitelistToken(
C.BEAN_WSTETH_WELL,
BDVFacet.wellBdv.selector,
STALK_ISSUED_PER_BDV,
0, // No need to set Stalk issued per BDV
0x01,
IGaugePointFacet.defaultGaugePointFunction.selector,
ILiquidityWeightFacet.maxWeight.selector,
BEAN_WSTETH_INITIAL_GAUGE_POINTS,
OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibWhitelist.updateOptimalPercentDepositedBdvForToken(
C.BEAN_ETH_WELL,
MAX_PERCENT_DEPOSITED_BDV - OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibFertilizer.beginBarnRaiseMigration(C.BEAN_WSTETH_WELL);
}
``
Updates
Lead Judging Commences
giovannidisiena about 1 year ago
Submission Judgement Published Reason: Incorrect statement
Assigned finding tags:
Init access control
Prize pool breakdown
Total prize
35,000 USDC
nSLOC
1,99118 USDC / LOC
30,000 USDC
1,500 USDC
3,500 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.