DeFi, Hardhat
21,000 USDC
Submission Details
Severity: low
Invalid

Potential Manipulation of Time-Weighted Average DeltaB Calculation in Beanstalk Protocol

Description:

There is a potential vulnerability in the twaDeltaB function of the LibWellMinting library used in the Beanstalk protocol. The function calculates the time-weighted average deltaB for a Well. The deltaB is a crucial metric for understanding the health and performance of a Well.

The potential vulnerability lies in the use of block.timestamp.sub(s.season.timestamp) to determine the elapsed time since the season began. In some theoretical scenarios, a malicious validator in a Proof-of-Stake (PoS) system could manipulate the block timestamp, affecting the calculated time difference. This, in turn, could influence the deltaB calculation within a single block.

Impact:

If exploited, a malicious actor could potentially:

Gain a temporary advantage in time-sensitive interactions with the Well Minting Oracle.
Disrupt the calculation of the deltaB for a specific Well within a single block.

Recommendations:

Consider implementing additional security measures within the LibWellMinting library, such as:
Validating timestamps against external oracles or reference points.
Implementing time bounds to limit the lookback window for deltaB calculations.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
