Beanstalk Part 3

Beanstalk

DeFiHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Desynchronized implementation of the recap viewers

bauchibred

Summary

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibUnripe.sol#L178-L184

function getTotalRecapitalizedPercent() internal view returns (uint256 recapitalizedPercent) {

AppStorage storage s = LibAppStorage.diamondStorage();

uint256 totalUsdNeeded = LibFertilizer.getTotalRecapDollarsNeeded();

if(totalUsdNeeded == 0) return 0;

return s.recapitalized.mul(DECIMALS).div(totalUsdNeeded);

}

This function returns the total percentage that beanstalk has recapitalized and this is calculated by the ratio of s.recapitalized and the total dollars the barnraise needs to raise, and the documentation hints that this finalized with the same same precision as getRecapPaidPercentAmount (100% recapitalized = 1e6).

However going to the implementation of getRecapPaidPercentAmount https://github.com/Cyfrin/2024-05-Beanstalk-3/blob/662d26f12ee219ee92dc485c06e01a4cb5ee8dfb/protocol/contracts/libraries/LibUnripe.sol#L233-L239

function getRecapPaidPercentAmount(

uint256 amount

) internal view returns (uint256 penalizedAmount) {

AppStorage storage s = LibAppStorage.diamondStorage();

return s.fertilizedIndex.mul(amount).div(s.unfertilizedIndex);

}

We can see that the latter implementation lacks any multiplication whatsoever to the DECIMALS var, which indicates that the value returned is going to be deflated by 1e6

Impact

Contract fails to return promised values, since sister functions heavily desynchronizes from each other, would be key to note that that these functions are both heavily used in the UnripeFacet.

Tools Used

Manual review

Recommendations

Consider having both implementation multiply their calculation by the DECIMALS var.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,104

19 USDC / LOC

High Medium

17,900 USDC

Low

1,000 USDC

Judges

2,100 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.