Beanstalk Part 3

Beanstalk

DeFiHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Dangerous Casting

1337web3

Summary

The ConvertFacet::_depositTokensForConvert involves the potential risk associated with casting variables to different data types.

Vulnerability Detail

The ConvertFacet::_depositTokensForConvert suggests that the safeCast function may not be necessary in a particular context where a variable is being casted to uint128. However, there are concerns raised about potential problems in the future due to casting variables to different data types.

Impact

The impact of not using safeCast and potentially casting variables to different data types could lead to unexpected behaviour, vulnerabilities, or errors in the code.

Code Snippet

// safeCast not needed as stalk is <= max(uint128)

LibSilo.mintGerminatingStalk(

account,

uint128(bdv.mul(LibTokenSilo.stalkIssuedPerBdv(token))),

germ

);

Tool used

Manual Review

Recommendation

It's recommended to carefully evaluate the necessity of safeCast and consider the potential risks associated with casting variables to different data types. Additionally, setting grownStalk to a uint128 and casting it to uint256 where needed could help mitigate future problems.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,104

19 USDC / LOC

High Medium

17,900 USDC

Low

1,000 USDC

Judges

2,100 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.