Beanstalk Part 2
Beanstalk
DeFiHardhat
35,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`FertilizerFacet::totalUnfertilizedBeans` returns incorrect value

marcobesier

Summary

FertilizerFacet::totalUnfertilizedBeans returns the difference s.unfertilizedIndex - s.fertilizedIndex instead of s.unfertilizedIndex.

Vulnerability Details

While the intentions behind the implementation are not 100% clear due to missing NatSpec, the implementation of FertilizerFacet::totalFertilizedBeans suggests that FertilizerFacet::totalUnfertilizedBeans should follow the same pattern. In other words, since FertilizerFacet::totalFertilizedBeans returns s.fertilizedIndex, FertilizerFacet::totalUnfertilizedBeans should return s.unfertilizedIndex. However, the actual implementation returns the difference s.unfertilizedIndex - s.fertilizedIndex instead.

function totalFertilizedBeans() external view returns (uint256 beans) {
return s.fertilizedIndex;
}
function totalUnfertilizedBeans() external view returns (uint256 beans) {
return s.unfertilizedIndex - s.fertilizedIndex;
}

Impact

The FertilizerFacet::totalUnfertilizedBeans view function returns an unexpected value.

Tools Used

Manual review.

Recommendations

Change FertilizerFacet::totalUnfertilizedBeans to only return s.unfertilizedIndex.

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational/Invalid

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.