Beanstalk Part 3

Description

Anti-Lambda convert are functions designed to decrease a deposit's BDV if the recorded BDV is greater than the current BDV. However, no checks are performed to verify this condition or the maximum decrease in BDV. Furthermore, the decreaseBdv boolean does not verify if the BDV actually decreases, allowing the BDV to increase during a lambda conversion. As a result, any user can increase or decrease the BDV at any time and for anyone due to the arbitrary account parameter.

No checks are performed for Lambda convert either, but there is no arbitrary account for this type of convert.

A user can create a payload with a fromAmount that does not exceed the actual balance and a toAmount that is larger or smaller than the normal amount to convert, thereby increasing or decreasing the deposit value of a user in the Silo.

Risk

Likelyhood: High

• Anyone, anytime (no condition for decrease and no maximum decrease).

Impact: High

• Can increase the deposit of the attacker to steal funds.

• Can reduce the deposit of anyone to 1 wei. (condition for no 0 amount in ConvertFacet::_depositTokensForConvert)

Recommended Mitigation

Although the account parameter appears to be a design choice for adjusting the BDV in the silo, its arbitrary nature makes it difficult to manage. Consider adding a privileged role to use the anti-lambda function or add several checks to ensure its proper use:

• Minimum/maximum amount to convert

• Condition for using the anti-lambda function as recordedBDV > currentBDV, etc