Beanstalk Part 3
DeFi, Hardhat
21,000 USDC
Public
May 6th, 2024 → May 20th, 2024
Submissions: 119 / 119

| # | Submission | Severity | Validity | Tags | Author |
|---|---|---|---|---|---|
| 1 | Potential Manipulation of Time-Weighted Average DeltaB Calculation in Beanstalk Protocol | Low | Invalid | | chaos |
| 2 | Relying on the lastoraclesnapshot within the twaDeltaB function is a mistake | Medium | Invalid | | chaos |
| 3 | Integer Overflow Vulnerability in ConvertFacet Contract | Medium | Invalid | | emiridbest |
| 4 | Denial of service from possible exhaustive loop iteration | Medium | Invalid | | emiridbest |
| 5 | Integer overflow risk | Medium | Invalid | | emiridbest |
| 6 | _withdrawTokens lacks input validation | Medium | Invalid | | emiridbest |
| 7 | `LibUnripe::getTotalRecapitalizedPercent` returns wrong `recapitalizedPercent` if `totalUsdNeeded` is 0 | Low | Valid | Recapitalized percent | kiteweb3 |
| 8 | Peg mechanism is compromised due to logic to fetch min deltaB | Medium | Invalid | | holydevoti0n |
| 9 | Missing validation for `totalUsdNeeded` in `LibUnripe::getPenalizedUnderlying` can lead to the `urBean` chopping block | Low | Valid | Unripe Bean Chop DoS | kiteweb3 |
| 10 | Incomplete Withdrawal Handling | Medium | Invalid | | emiridbest |
| 11 | Division Before Multiplication in `getPenalizedUnderlying()` | Medium | Invalid | | Hajime |
| 12 | Inflated BDV positions will not be updated due to lack of incentive | Medium | Invalid | | holydevoti0n |
| 13 | `LibSilo.sol::burnStalk` handles sop.roots incorrectly | High | Invalid | | maxim371 |
| 14 | `Libsilo::transferStalk` has rounding and off-by-one error | Medium | Invalid | | maxim371 |
| 15 | Missing Peg Condition Check in Convert Function | Low | Invalid | | Rhaydden |
| 16 | `LibSilo.sol::_mow` potential for skipped updates | High | Invalid | | maxim371 |
| 17 | Potential Overflow in `getPenalizedUnderlying` Function | Low | Invalid | | Rhaydden |
| 18 | Attacker can yet exploit inflated BDV to earn more beans | High | Invalid | | holydevoti0n |
| 19 | Experimental feature enabled | Low | Invalid | | Rhaydden |
| 20 | Restrictive Underlying Token Switching and Lack of Event Emission in `switchUnderlyingToken` Function | Low | Invalid | | Rhaydden |
| 21 | `toString` function doesn't manage memory properly | Medium | Invalid | | Rhaydden |
| 22 | Lack of Gas Limit Control in sunrise Function leading to potential DOS | Medium | Invalid | | emiridbest |
| 23 | Syntax error in usage of `block.timestamp` in `incentivize` function | Medium | Invalid | | emiridbest |
| 24 | Hardcoded Boolean Value Leads to Inflexible Behavior | Medium | Invalid | | Rhaydden |
| 25 | Improvement Consideration in `LAMBDA_LAMBDA` Conversion Type in Beanstalk Protocol | Low | Invalid | | Rhaydden |
| 26 | Incorrect Reporting of Bean Distribution to Silo in Reward Event | Low | Invalid | | Rhaydden |
| 27 | Premature Minting of Tokens in `rewardBeans` Function | Low | Invalid | | Rhaydden |
| 28 | Variables need not be initialized to zero | Low | Invalid | | golomp3761 |
| 29 | Incorrect Penalty Percentage Calculation in `getPercentPenalty` Function for `C.UNRIPE_BEAN` | Medium | Invalid | | Rhaydden |
| 30 | Missing `initialGasLeft` in the `incentivize` | High | Invalid | | emiridbest |