DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

The function `InitMigrateUnripeBeanEthToBeanSteth :: init` has no access control

Summary

Cannot mint Bean:Eth.

Vulnerability Details

A malicious user can turn off Bean:Eth minting forever by calling the `init` function any time they want.

Impact

Turns off Bean:Eth minting.

Tools Used

Recommendations

Add an `onlyOwner` modifier:

+ address public owner;
+ constructor() {
+ owner = msg.sender;
+ }
+ modifier onlyOwner() {
+ require(msg.sender == owner, "Caller is not the owner");
+ _; // Continue executing the function
+ }
- function init() external {
+ function init() external onlyOwner {
// Turn off Bean:Eth Minting while Multi Flow Pump catches up
delete s.wellOracleSnapshots[C.BEAN_ETH_WELL];
s.season.beanEthStartMintingSeason = s.season.current + BEAN_ETH_PUMP_CATCH_UP_SEASONS;
LibWhitelist.whitelistToken(
C.BEAN_WSTETH_WELL,
BDVFacet.wellBdv.selector,
STALK_ISSUED_PER_BDV,
0, // No need to set Stalk issued per BDV
0x01,
IGaugePointFacet.defaultGaugePointFunction.selector,
ILiquidityWeightFacet.maxWeight.selector,
BEAN_WSTETH_INITIAL_GAUGE_POINTS,
OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibWhitelist.updateOptimalPercentDepositedBdvForToken(
C.BEAN_ETH_WELL,
MAX_PERCENT_DEPOSITED_BDV - OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibFertilizer.beginBarnRaiseMigration(C.BEAN_WSTETH_WELL);
}
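
Review bot: the `owner` variable and constructor added at the top of this hunk put new state in the same contract whose `init` writes through `s`, and the hunk shows neither where `s` is declared nor how `init` is invoked. If `init` runs via delegatecall, `owner` is read from the calling contract's storage rather than from the value the constructor stored, so `require(msg.sender == owner, "Caller is not the owner")` would not check the deployer, and the new slot may overlap the layout behind `s`. Confirm the call path before adding the modifier; if `init` is directly callable and needs gating, document who sets `owner` and how it can be changed, since the patch provides no way to transfer it.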
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Init access control
