Summary

The getNumStemsAndPlots function in MetadataImage.sol incorrectly calculates the number of plots to be displayed in the Beanstalk Silo Deposit NFT image. This miscalculation can lead to a visual discrepancy where the number of plots shown in the image is one more than the actual number of plots earned.

Vulnerability Details

The function getNumStemsAndPlots is responsible for calculating the number of stems and plots based on the grownStalkPerBDV value. The calculation for plots is as follows:

The issue lies in the unconditional addition of 1 to the result of numStems.div(16). This addition should only occur if there is a remainder after dividing numStems by 16. If numStems is perfectly divisible by 16, the current calculation will overestimate the number of plots by 1.

Impact

The impact of this vulnerability is primarily visual. The number of plots displayed in the Beanstalk Silo Deposit NFT image may be incorrect by one plot. This discrepancy could mislead users about the actual number of plots they have earned. However, it does not affect the underlying functionality or security of the contract, as the actual number of plots is correctly tracked elsewhere in the contract.

Tools Used

• Manual code review

Recommendations

To fix this issue, modify the calculation of plots in the getNumStemsAndPlots function as follows:

This corrected calculation will ensure that the number of plots is accurately determined, preventing the visual discrepancy in the NFT image.