Summary

The LibWellMinting contract has ABIEncoderV2 enabled, as seen by the pragma directive `pragma experimental ABIEncoderV2. This experimental feature allows the contract to use complex types, such as structs and arbitrarily nested arrays, in function arguments and return values.

Albeit, the use of ABIEncoderV2 comes with certain risks, particularly when dealing with types shorter than 32 bytes, such as bytesNN, bool, and enum, when they are part of an array or a struct and encoded directly from storage. In such cases, if these storage references are used directly inside abi.encode(...) as arguments in external function calls or in event data without prior assignment to a local variable, it can lead to data corruption or invalid reverts.

In short, the LibWellMinting contract has ABIEncoderV2 enabled, which could potentially lead to issues with shorter-than-32-bytes types in certain scenarios.

There are several instances in several contracts which are in scope:

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/Minting/LibWellMinting.sol#L6

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibUnripe.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibFertilizer.sol#L6

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibChop.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/Convert/LibLambdaConvert.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/Convert/LibConvertData.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/Convert/LibConvert.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/Convert/LibChopConvert.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/beanstalk/sun/SeasonFacet/Sun.sol#L4

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/beanstalk/silo/ConvertFacet.sol#L6

• https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/beanstalk/barn/UnripeFacet.sol#L6

Recommendation

When possible, do not use experimental features in the final live deployment. Validate and check that all the conditions above are true for integers and arrays (i.e. all using uint256).