Beanstalk Part 2

Summary

The absence of access control for the init() function in the InitMigrateUnripeBeanEthToBeanSteth contract leaves it open to unauthorized invocation, potentially leading to unintended changes in protocol state and exploitation risks.

Vulnerability Details

The vulnerability lies within the InitMigrateUnripeBeanEthToBeanSteth contract's init() function, which lacks proper access control mechanisms. Let's break down the issue comprehensively:
The init() function is intended to initialize the migration process of Unripe LP underlying tokens from Bean:Eth to Bean:Steth.
It likely performs critical actions such as updating storage variables, setting initial configurations, and possibly interacting with other contracts or protocols.

The init() function is marked as external, which means it can be called by any external account or contract.
However, there are no access control checks implemented within the function, allowing any Ethereum address to call it.
This lack of access control poses a severe risk, as unauthorized parties could trigger the initialization process, potentially leading to unintended changes in the protocol's state or disruptions in its operations.
Without proper access control, malicious actors could exploit the function to manipulate protocol parameters, disrupt token migrations, or even drain funds from the contract.

Impact

The lack of access control for the init() function poses a significant risk to the security and integrity of the protocol. Any malicious actor or unintended user can potentially invoke this function after deployment, leading to unauthorized changes in the protocol state or disruption of its operations.

Tools Used

Manual

Recommendations

Modify the init() function to include an access control check that verifies the caller is the diamond cut contract.