Beanstalk Part 2
Beanstalk, DeFi, Hardhat
Public
35,000 USDC
Apr 1st, 2024 → Apr 15th, 2024
184 / 184

| # | Submissions | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| #1 | Deprecated pool BEAN:WETH on LibBarnRaise used as fallback | Low | Valid | Fallback Well | holydevoti0n |
| #2 | Attackers may be able to apply a Second Preimage Attack to steal tokens | Low | Invalid | UnripeFacet second preimage | biakia |
| #3 | `LibWstethEthOracle::getWstethEthPrice` returns wrong `wstETH/ETH` price in some conditions impacting system operations | Medium | Valid | wstETH:ETH price max differ... | kiteweb3 |
| #4 | Chainlinks oracle feeds are not configurable | Low | Invalid | Chainlink feed configuration | biakia |
| #5 | Chainlink's `roundId` is not incremental, thus the function `getTwap` will not work properly | Low | Invalid | Chainlink aggregator rounds | biakia |
| #6 | Anyone can call init() potentially bricking protocol | Low | Invalid | Init access control | thedoctor |
| #7 | `Fertilizer` can be purchased during Migration of the `Barn Raise` to a new `Well` | Low | Invalid | Informational/Invalid | tigerfrake |
| #8 | Missing `nonReentrant` modifier | Low | Invalid | Re-entrancy modifier | tigerfrake |
| #9 | Low findings | Low | Invalid | Informational/Invalid | djanerch |
| #10 | InitMigrateUnripeBeanEthToBeanSteth.init() may be front-run | Low | Invalid | Init access control | tigerfrake |
| #11 | Library function isn't `internal` or `private` | Low | Invalid | Informational/Invalid | djanerch |
| #12 | Price Manipulation Vulnerability in `FertilizerFacet` Contract | Low | Invalid | Chainlink validation | pisces |
| #13 | Missing check for the max/min price in the `LibChainlinkOracle.getPrice()` | Low | Invalid | Chainlink validation | tigerfrake |
| #14 | `amountOut` not compared against `minAmountOut` in both `convertLPToBeans()` and `convertBeansToLP()` functions before proceeding with minting | Low | Invalid | Informational/Invalid | tigerfrake |
| #15 | LibUnripeConvert.sol :: getBeanAmountOut() incorrectly calculates the amount of BEAN. | Low | Valid | Unripe convert incorrect su... | ivanfitro |
| #16 | Precision loss in `remainingRecapitalization()` | Low | Invalid | Precision loss | tigerfrake |
| #17 | wrong LibsUsdOracle::getUsdPrice calculation leads to incorrect liquidations | Low | Invalid | Informational/Invalid | kwakudr |
| #18 | Precision Loss Due to Integer Division in Fertilizer Minting Calculation | Low | Invalid | Precision loss | lordofterra |
| #19 | Unprotected chop Function Vulnerable to Front-Running | Low | Invalid | Front-running | lordofterra |
| #20 | Unused Return Values in External Contract Calls in LibWell.sol | Low | Invalid | Informational/Invalid | heim |
| #21 | UnripeFacet don't support fee-on-transfer tokens or rebase tokens | Low | Invalid | Fee-on-transfer/rebase tokens | pks271 |
| #22 | Don't check return value of IERC20 transferFrom function will cause add more liquidity | Low | Invalid | Unchecked transfers | pks271 |
| #23 | Protocol don't support some tokens will cause `LibFertilizer#addFertilizer` function revert | Low | Invalid | Informational/Invalid | pks271 |
| #24 | Transactions may pending in memory pool forever | Low | Invalid | Fertilizer deadline | pks271 |
| #25 | Users can't claim plenty if they are in blacklisted | Low | Invalid | Informational/Invalid | pks271 |
| #26 | If the Chainlink registry returns a price outside the designated minimum and maximum range, getPrice() will utilize an incorrect price. | Low | Invalid | Chainlink validation | mrjorystewartbaxter |
| #27 | " _claimPlenty" can be revert on zero plenty value | Low | Invalid | Informational/Invalid | bareli |
| #28 | Interface definition error. | Low | Invalid | Informational/Invalid | tigerfrake |
| #29 | Race Condition in pick Function Allowing Multiple Claims | Low | Invalid | Informational/Invalid | lordofterra |
| #30 | Unchecked Token Transfer in Depot Contract | Low | Invalid | Unchecked transfers | lyranfeline |