Submission Details
Severity: high
Invalid

Lack of Peg Status Check in `ConvertFacet:convert`

Summary

The ConvertFacet contract in the Beanstalk protocol allows users to convert deposited assets within the Silo. However, the current implementation of the convert function does not enforce the peg status conditions specified in the NatSpec documentation.

Vulnerability Details

The convert function in the ConvertFacet contract is intended to allow users to convert their deposits from one asset to another, with specific conditions based on Beanstalk's peg status. The NatSpec documentation specifies:

  • Users can convert LP into Beans only when Beanstalk is below peg.

  • Users can convert Beans into LP only when Beanstalk is above peg.

However, the current implementation of the convert function does not check Beanstalk's peg status before performing these conversions. The peg status checks are critical to maintaining the protocol's intended functionality and economic incentives.

Some functions involved in the conversion process are:

  • LibConvert.convert determines the type of conversion based on the convertData.

  • LibUnripeConvert.convertLPToBeans handles the conversion from LP to Beans.

  • LibUnripeConvert.convertBeansToLP handles the conversion from Beans to LP.

None of these functions currently enforce the peg status condition, which leads to this vulnerability.

Impact

Conversions not aligned with the peg status can disrupt the economic balance of the protocol. For example, converting Beans to LP when Beanstalk is below peg could worsen the imbalance. Malicious actors could exploit this vulnerability to perform arbitrage or other actions that could negatively impact the protocol's stability and users' assets.

Tools Used

Manual Review

Recommendations

Modify the convert flow to include checks for Beanstalk's peg status before allowing conversions.
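One way to express that guard, as an added reference model written for this note rather than Beanstalk's Solidity or the project's own code; the `ConvertKind` names, the `delta_b` sign convention (positive means above peg) and the rejection of conversions exactly at peg are assumptions made here, not facts taken from the protocol:

```python
# Reference model of the NatSpec rule: LP -> Beans only below peg,
# Beans -> LP only above peg. Added illustration, not Beanstalk code.
from enum import Enum, auto


class ConvertKind(Enum):
    LP_TO_BEANS = auto()   # assumed name for the LP -> Beans path
    BEANS_TO_LP = auto()   # assumed name for the Beans -> LP path


class PegViolation(Exception):
    """Raised when a conversion runs against the current peg direction."""


def peg_state(delta_b: int) -> str:
    # Assumption: delta_b > 0 means Beans must be minted to reach peg
    # (price above $1); delta_b < 0 means Beans must be removed (below peg).
    if delta_b > 0:
        return "above"
    if delta_b < 0:
        return "below"
    return "at"


def is_convert_allowed(kind: ConvertKind, delta_b: int) -> bool:
    """True only when the conversion moves the price towards peg."""
    state = peg_state(delta_b)
    if kind is ConvertKind.LP_TO_BEANS:
        return state == "below"
    if kind is ConvertKind.BEANS_TO_LP:
        return state == "above"
    return False


def guarded_convert(kind: ConvertKind, amount: int, delta_b: int) -> int:
    """Peg-status check placed in front of the conversion itself.

    Returns the amount that would proceed to the underlying convert path;
    raises PegViolation instead of silently converting the wrong way.
    """
    if amount <= 0:
        raise ValueError("amount must be positive")
    if not is_convert_allowed(kind, delta_b):
        raise PegViolation(
            f"{kind.name} not permitted while {peg_state(delta_b)} peg "
            f"(deltaB={delta_b})"
        )
    return amount


if __name__ == "__main__":
    # Constructed sample: below peg, so LP -> Beans passes, Beans -> LP fails.
    print(guarded_convert(ConvertKind.LP_TO_BEANS, 1_000, -250))
    try:
        guarded_convert(ConvertKind.BEANS_TO_LP, 1_000, -250)
    except PegViolation as exc:
        print("rejected:", exc)
```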

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
