Beanstalk Part 3
Beanstalk
DeFiHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Error Handling Flaw in initializeOracle Function Leading to Inconsistent State

hunter_w3b

Summary

The initializeOracle function in the LibWellMinting contract contains error handling when initializing the Well Minting Oracle. Specifically, the function fails to handle the scenario where readCumulativeReserves fails.

Vulnerability Details

The initializeOracle function attempts to read the cumulative reserves using readCumulativeReserves. However, if this call fails, the function catches the error and emits an event with an empty byte array. This simplistic error handling approach can result in an uninitialized oracle state.

Code Snippet

function initializeOracle(address well) internal {
AppStorage storage s = LibAppStorage.diamondStorage();
// If pump has not been initialized for `well`, `readCumulativeReserves` will revert.
// Need to handle failure gracefully, so Sunrise does not revert.
Call[] memory pumps = IWell(well).pumps();
try ICumulativePump(pumps[0].target).readCumulativeReserves(
well,
pumps[0].data
) returns (bytes memory lastSnapshot) {
s.wellOracleSnapshots[well] = lastSnapshot;
emit WellOracle(s.season.current, well, 0, lastSnapshot);
} catch {
emit WellOracle(s.season.current, well, 0, new bytes(0));
}
}

Lack of Proper Error Handling

  • Inaccurate Event Emission: Emitting an event with an empty byte array may not provide sufficient information for the failure.

Impact

An uninitialized can cause incorrect delta B values and affect the contract's overall functionality.

Tools Used

Manual Review

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.