Description:
There is a potential weakness in the twaDeltaB function of the LibWellMinting library used by the Beanstalk protocol. The function computes the time-weighted average deltaB of a Well over the current season: it reads time-weighted average reserves from the Well's pump for the window between the season start and the current block, then derives how many Beans would have to be added to or removed from the Well to return it to peg. That value drives the Well Minting Oracle, so it is a central input to the protocol's minting decisions.
The concern is the use of block.timestamp.sub(s.season.timestamp) as the length of that window. A block producer who can shift the reported block timestamp also shifts the end of the averaging window, and with it the weight given to the most recent reserves in the deltaB computed in that block. Two caveats bound this. First, the effect is limited: extending a window of E seconds by k seconds moves the average by at most k/(E+k) of the gap between the latest reserves and the honest average, so for a one-hour season a single 12-second slot is well under one percent of that gap. Second, the room to manipulate depends on the chain: on post-Merge Ethereum the block timestamp is fixed by the slot schedule and a proposer cannot choose it, while on proof-of-work Ethereum and some other chains producers have a tolerance of a few seconds. The SafeMath sub also means a timestamp earlier than the season start reverts the call rather than producing an enormous window.
Impact:
If the timestamp can be shifted, a malicious block producer could:
Nudge the deltaB used by the Well Minting Oracle in that block, by the bounded amount described above, to gain a small, temporary advantage in time-sensitive interactions with it.
Distort the deltaB of a specific Well within a single block; the next block's read is computed over the honest window again, so the distortion does not persist.
Recommendations:
Consider additional safeguards in the LibWellMinting library, such as:
Enforcing a minimum elapsed time before the oracle is read, so that the per-block timestamp tolerance of the chain is a small fraction of the averaging window and cannot dominate the result.
Cross-checking the elapsed time against the pump's own last-update timestamp, so that the window used for the average matches the data the pump actually accumulated.
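The following is an added model, not Beanstalk or Basin code, of the mechanism described above: a time-weighted average of reserves read over the season window, the constant-product deltaB derived from it, the algebraic bound on how far a single-block timestamp shift can move the average, and a minimum-lookback guard of the kind recommended. The sample reserves, the one-hour season, the 12-second skew and the 60-second floor are constructed assumptions, as is the simplification that one BEAN trades at one token unit at peg.

```python
"""Model of a time-weighted-average (TWA) reserve read over a season window
and of how far a single-block timestamp shift can move the result.
Constructed example; not Beanstalk or Basin code."""
from dataclasses import dataclass
from math import isqrt


@dataclass(frozen=True)
class Sample:
    """Reserves recorded by a pump at a block timestamp (constructed data)."""
    timestamp: int
    bean: int
    token: int


def twa_reserves(samples, t_start, t_end):
    """Time-weighted average reserves over [t_start, t_end].

    Reserves are held piecewise-constant from each sample to the next; the
    last sample is held until t_end, which is how a cumulative accumulator
    behaves when it is read at t_end. samples must be sorted and the first
    sample must be at or before t_start."""
    if t_end <= t_start:
        raise ValueError("empty window")
    if samples[0].timestamp > t_start:
        raise ValueError("no sample covers the start of the window")
    cum_bean = cum_token = 0
    for i, s in enumerate(samples):
        seg_start = max(s.timestamp, t_start)
        seg_end = samples[i + 1].timestamp if i + 1 < len(samples) else t_end
        seg_end = min(seg_end, t_end)
        if seg_end <= seg_start:
            continue
        cum_bean += s.bean * (seg_end - seg_start)
        cum_token += s.token * (seg_end - seg_start)
    elapsed = t_end - t_start
    return cum_bean // elapsed, cum_token // elapsed


def delta_b(bean, token):
    """Beans to add (positive) or remove (negative) to return a constant-product
    Well to peg, assuming 1 BEAN trades at 1 token unit at peg (assumption)."""
    return isqrt(bean * token) - bean


def skew_shift_bound(samples, season_ts, now, skew):
    """Largest change in TWA bean reserves that extending the window end from
    now to now+skew can cause: skew/(elapsed+skew) of the gap between the
    latest reserves and the honest average. Follows from the accumulator form
    (S + skew*r_last)/(E + skew) with S = E*twa."""
    honest_bean, _ = twa_reserves(samples, season_ts, now)
    elapsed = now - season_ts
    return skew * abs(samples[-1].bean - honest_bean) // (elapsed + skew)


MIN_LOOKBACK = 60  # seconds; hypothetical floor, a handful of 12-second slots


def season_lookback(now, season_ts, min_lookback=MIN_LOOKBACK):
    """Elapsed time for the oracle read, mirroring block.timestamp.sub(season.timestamp):
    rejects (as SafeMath sub would) a window that underflows, and additionally
    rejects a window so short that one block's skew would dominate the average."""
    if now < season_ts:
        raise ValueError("timestamp before season start")  # SafeMath sub would revert here
    elapsed = now - season_ts
    if elapsed < min_lookback:
        raise ValueError(f"lookback {elapsed}s below minimum {min_lookback}s")
    return elapsed


# Constructed season: reserves start at peg, then a trade leaves the Well
# holding fewer BEAN, so deltaB > 0 (the protocol would mint).
SEASON_TS = 1000
SAMPLES = [
    Sample(1000, bean=1_000_000, token=1_000_000),
    Sample(2800, bean=800_000, token=1_250_000),  # constant product preserved
]
NOW = SEASON_TS + 3600  # a one-hour season


def compare(skew=12):
    """deltaB from the honest window and from a window stretched by one slot."""
    honest = twa_reserves(SAMPLES, SEASON_TS, NOW)
    skewed = twa_reserves(SAMPLES, SEASON_TS, NOW + skew)
    return delta_b(*honest), delta_b(*skewed)


if __name__ == "__main__":
    print("honest / skewed deltaB:", compare())
    print("max TWA bean shift for 12s skew:", skew_shift_bound(SAMPLES, SEASON_TS, NOW, 12))
```

With these constructed reserves the honest window gives TWA reserves of 900,000 BEAN and 1,125,000 token; stretching the window by 12 seconds moves the BEAN average by 333, inside the 332 (plus integer rounding) predicted by the bound, and moves deltaB from 106,230 to 106,562. The point for a reviewer is that the distortion is a fixed fraction of the gap between the latest and average reserves, and the minimum-lookback guard keeps that fraction small.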