Summary

The absence of a peg condition check in the convert function allows users to convert between different types of deposits (e.g., LP to Bean, Bean to LP) without adhering to the intended economic conditions (beanstalk being below or above peg.

Impact

This could lead to unforseen consequences and exploitation, as the function may be used in scenarios that were not intended by the beanstalk team, potentially destabilizing the tokenomics of the platform.

Proof of Concept

The NatSpec comments suggest that conversions should only occur under specific conditions related to the beanstalk's peg state:

https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/beanstalk/silo/ConvertFacet.sol#L57-L58

However, the implementation of the convert function does not include any checks for the beanstalk's peg state:

https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/beanstalk/silo/ConvertFacet.sol#L68-L100

This discrepancy means that the function does not enforce the documented conversion conditions, potentially allowing conversions that should be restricted based on the economic state of the beanstalk.

Tools Used

Manual review

Recommendations:

Consider introducing a logic to check the beanstalk's peg state before allowing conversions. This could be by accessing a state variable or calling a function that returns whether the beanstalk is above or below its peg. Add conditional checks to enforce that "LP to Bean" conversions only occur when the beanstalk is below peg and "Bean to LP" conversions only occur when the beanstalk is above peg.
Something like:

 ```diff

• // Assuming isBeanstalkAbovePeg() returns true if beanstalk is above peg
  

• require(
  

•     (cp.fromToken == beanToken && !isBeanstalkAbovePeg()) ||
  

•     (cp.toToken == beanToken && isBeanstalkAbovePeg()),
  

•     "Convert: Invalid peg state for conversion."
  

• );
  

  ​