DeFiHardhat
35,000 USDC
View results
Submission Details
Severity: low
Invalid

Anyone can call init() potentially bricking protocol

Summary

Function can be called by anyone including malicious users.

Vulnerability Details

The function can be called by anyone including unauthorized users.

function init() external {
// Turn off Bean:Eth Minting while Multi Flow Pump catches up
delete s.wellOracleSnapshots[C.BEAN_ETH_WELL];
s.season.beanEthStartMintingSeason = s.season.current + BEAN_ETH_PUMP_CATCH_UP_SEASONS;
LibWhitelist.whitelistToken(
C.BEAN_WSTETH_WELL,
BDVFacet.wellBdv.selector,
STALK_ISSUED_PER_BDV,
0, // No need to set Stalk issued per BDV
0x01,
IGaugePointFacet.defaultGaugePointFunction.selector,
ILiquidityWeightFacet.maxWeight.selector,
BEAN_WSTETH_INITIAL_GAUGE_POINTS,
OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibWhitelist.updateOptimalPercentDepositedBdvForToken(
C.BEAN_ETH_WELL,
MAX_PERCENT_DEPOSITED_BDV - OPTIMAL_PERCENT_DEPOSITED_BDV
);
LibFertilizer.beginBarnRaiseMigration(C.BEAN_WSTETH_WELL);
}

Impact

Anyone can call init() potentially bricking protocol

Tools Used

Manual Review

Recommendations

Include modifier and whitelist authorized user

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Init access control

0x11singh99 Judge
about 1 year ago
giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Init access control

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.