Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Potential Integer Overflow in `powerOfTen` Function

ethworker

Summary

The powerOfTen function in MetadataImage.sol is susceptible to an integer overflow when handling very large stem values. This could lead to incorrect calculation of the scientific notation for the stem, potentially causing unexpected behavior or errors in the contract.

Vulnerability Details

The powerOfTen function determines the exponent for scientific notation based on the range of the input stem value. However, it does not properly handle cases where the stem value is greater than or equal to 1e28. The function uses an if-else ladder to determine the exponent, and the last condition is:

} else if (stem < 1e28) {

return stemDecimals(stem, 27);

} else {

return stemDecimals(stem, 28); // Potential overflow

}

If the stem value is 1e28 or greater, the function will attempt to return stemDecimals(stem, 28). However, the stemDecimals function divides the stem by 10 raised to the power of the exponent. In this case, it would attempt to calculate stem / 10**28, which could result in an integer overflow if the stem value is too large.

Impact

An integer overflow in the powerOfTen function could lead to incorrect calculation of the scientific notation for the stem value. This could have several potential impacts:

Incorrect Metadata: The metadata associated with the Beanstalk Silo Deposit NFT could display an incorrect stem value, misleading users about the actual value.
Unexpected Behavior: The incorrect stem value could be used in other parts of the contract, potentially leading to unexpected behavior or errors.
Loss of Funds: In the worst-case scenario, if the incorrect stem value is used in critical calculations, it could potentially lead to a loss of funds for users.

Tools Used

Manual code review
Solidity static analysis tools

Recommendations

To mitigate this vulnerability, consider the following recommendations:

Input Validation: Add input validation to the powerOfTen function to ensure that the stem value is within a safe range that will not cause an integer overflow.
Safe Math Libraries: Utilize a safe math library like OpenZeppelin's SafeMath to perform arithmetic operations in the powerOfTen and stemDecimals functions. This would automatically check for overflows and underflows, preventing unexpected behavior.
Alternative Calculation: Consider using an alternative method for calculating the scientific notation that is less susceptible to integer overflows. For example, you could use logarithms to determine the exponent.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.