Beanstalk Part 2

Beanstalk

DeFiHardhat

35,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Absence of Mechanisms to Mitigate Delays and Price Fluctuations in Converting Beans to LP Tokens

daniel526

Summary

The provided contract lacks explicit mechanisms to address delays and price fluctuations during the conversion process from beans to LP tokens. While the contract executes conversions internally and sets minimum output requirements, it does not actively mitigate risks associated with delays or fluctuations in market prices.

Vulnerability Details

The vulnerability stems from the absence of specific functionality within the contract to monitor and mitigate delays and price fluctuations during conversions. While the contract's convertBeansToLP function performs the conversion internally, it does not incorporate mechanisms to address potential delays between initiating and executing the conversion. Moreover, the contract does not actively monitor market conditions or adjust conversion strategies based on real-time price fluctuations.

function convertBeansToLP(bytes memory convertData) internal returns (address tokenOut, address tokenIn, uint256 amountOut, uint256 amountIn) {

// Conversion logic omitted for brevity

// Calculate minAmountOut to ensure a minimum output requirement

uint256 minAmountOut = LibUnripe.unripeToUnderlying(tokenOut, minLP, IBean(C.UNRIPE_LP).totalSupply())

.mul(LibUnripe.percentBeansRecapped())

.div(LibUnripe.percentLPRecapped());

// Perform conversion based on minAmountOut

(uint256 outUnderlyingAmount, uint256 inUnderlyingAmount) = LibWellConvert._wellAddLiquidityTowardsPeg(

LibUnripe.unripeToUnderlying(tokenIn, beans, IBean(C.UNRIPE_BEAN).totalSupply()),

minAmountOut,

LibBarnRaise.getBarnRaiseWell()

);

// Additional conversion logic omitted for brevity

}

Impact

One impact of this vulnerability is an increased risk of slippage and potential losses for participants due to delays and price fluctuations during conversions. Without mechanisms to actively monitor and mitigate these risks, the contract may not efficiently execute conversions at optimal prices, leading to suboptimal outcomes for users and liquidity providers.

Tools Used

Manual

Recommendations

Implementing time-sensitive execution strategies to minimize delays.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Assigned finding tags:

Informational/Invalid

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

1,991

18 USDC / LOC

High Medium

30,000 USDC

Low

1,500 USDC

Judges

3,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.