Beanstalk Part 3

Beanstalk

DeFiHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

`LibFertilizer::getHumidity` incorrect calculation

kwakudr

Summary

https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibFertilizer.sol#L91-L104
Calculation for Seasons Between REPLANT_SEASON and END_DECREASE_SEASON
uint128 humidityDecrease = id.sub(REPLANT_SEASON).mul(5); humidity = RESTART_HUMIDITY.sub(humidityDecrease);
The decrease is calculated as (id - REPLANT_SEASON) * 5. This formula assumes a linear decrease of 0.5% per season, but the multiplication by 5 suggests a decrease of 5% per season, which is ten times the intended rate.

Vulnerability Details

`/**
 * @dev Calculates the Humidity for a given season.
 * The Humidity was 500% prior to Replant, after which it dropped to 250% (Season 6074)
 * and then decreased by an additional 0.5% each Season until it reached 20%.
 * The Humidity will remain at 20% until all Available Fertilizer is purchased.
 * @param id The season.
 * @return humidity The corresponding Humidity.
 */
function getHumidity(uint128 id) internal pure returns (uint128 humidity) {
    if (id == 0) return 5000;
    if (id >= END_DECREASE_SEASON) return 200;
    uint128 humidityDecrease = id.sub(REPLANT_SEASON).mul(5);
    humidity = RESTART_HUMIDITY.sub(humidityDecrease);
}`

Calculation for Seasons Between REPLANT_SEASON and END_DECREASE_SEASON
uint128 humidityDecrease = id.sub(REPLANT_SEASON).mul(5); humidity = RESTART_HUMIDITY.sub(humidityDecrease);
The decrease is calculated as (id - REPLANT_SEASON) * 5. This formula assumes a linear decrease of 0.5% per season, but the multiplication by 5 suggests a decrease of 5% per season, which is ten times the intended rate.
There is no check to ensure that humidity does not fall below the minimum threshold of 20% before END_DECREASE_SEASON. This could lead to negative or incorrect humidity values if the decrease calculation results in a value greater than RESTART_HUMIDITY.

Impact

The multiplication by 5 suggests a decrease of 5% per season, which is ten times the intended rate.

Tools Used

Manual Review

Recommendations

+ `function getHumidity(uint128 id) internal pure returns (uint128 humidity) {
if (id == 0) return 5000;
if (id >= END_DECREASE_SEASON) return 200;
if (id < REPLANT_SEASON) return 2500; // Ensure correct value before decrease starts

uint128 seasonsSinceReplant = id - REPLANT_SEASON;
uint128 humidityDecrease = seasonsSinceReplant / 2; // Decrease by 0.5% per season
humidity = RESTART_HUMIDITY - humidityDecrease;

if (humidity < 200) {
    humidity = 200; // Ensure humidity does not fall below 20%
}

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,104

19 USDC / LOC

High Medium

17,900 USDC

Low

1,000 USDC

Judges

2,100 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.