The uri function in the MetadataFacet contract lacks input validation for the depositId parameter. This could lead to unexpected behavior or errors if an invalid depositId is provided, as the function assumes the input is correctly formed by concatenating a token address and a stem.
The uri function takes a depositId as input and uses LibBytes.unpackAddressAndStem to extract the token address and stem from it. However, there are no checks to ensure that the depositId is valid or that it was created using the expected format.
If a user provides an invalid depositId, the following issues could arise:
Incorrect Token and Stem Values: The unpackAddressAndStem function might extract incorrect token and stem values, leading to the generation of an incorrect URI.
Unexpected Reverts: The subsequent logic in the uri function, which relies on the extracted token and stem values, might revert due to unexpected values, causing the function to fail.
Denial of Service: In some cases, an invalid depositId could trigger a revert in a way that consumes excessive gas, potentially leading to a denial-of-service (DoS) attack.
The impact of this vulnerability depends on how the uri function is used within the Beanstalk ecosystem. If the function is called with untrusted user input, an attacker could potentially exploit this lack of validation to:
Manipulate Metadata: Generate incorrect URIs for deposits, leading to misleading or inaccurate metadata.
Disrupt Functionality: Cause the uri function to revert unexpectedly, disrupting the normal operation of the contract.
Launch DoS Attacks: In some cases, trigger reverts that consume excessive gas, potentially leading to a DoS attack.
Manual code review
To mitigate this vulnerability, add input validation to the uri function. This could include:
Validate Deposit ID Structure: Check if the depositId is correctly formed by concatenating a valid token address and a stem.
Check Token Whitelist: Verify if the extracted token address is in the silo whitelist to ensure it's a supported token.
Stem Range Check: Ensure that the extracted stem value is within the valid range for the given token.
By implementing these checks, the uri function can be made more robust and resistant to errors caused by invalid input.
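A sketch of the checks recommended above, added here as an example; it is not code from Beanstalk or from this submission. The contract, its storage mappings, the error names, the bit layout (address in the high 160 bits, stem in the low 96) and the stem-tip range rule are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Beanstalk code. All names here are hypothetical.
// Assumed layout: depositId = (token address << 96) | uint96(stem).
contract DepositIdChecks {
    mapping(address => bool) public whitelisted; // stand-in for the silo whitelist
    mapping(address => int96) public stemTip;    // stand-in for each token's latest stem

    error TokenNotWhitelisted(address token);
    error StemOutOfRange(address token, int96 stem);

    // Example-only setup: one whitelisted token with a fixed stem tip.
    constructor(address token, int96 tip) {
        whitelisted[token] = true;
        stemTip[token] = tip;
    }

    function pack(address token, int96 stem) public pure returns (uint256) {
        return (uint256(uint160(token)) << 96) | uint256(uint96(stem));
    }

    function unpack(uint256 depositId) public pure returns (address token, int96 stem) {
        token = address(uint160(depositId >> 96)); // high 160 bits
        stem = int96(uint96(depositId));           // low 96 bits, reinterpreted as signed
    }

    // Checks a uri-style function would run before building metadata.
    function validate(uint256 depositId) public view returns (address token, int96 stem) {
        (token, stem) = unpack(depositId);
        // Under this layout every uint256 unpacks to some (token, stem) pair and
        // pack(unpack(id)) == id always holds, so a structure check alone rejects
        // nothing. The whitelist and range checks are what filter bad input.
        if (!whitelisted[token]) revert TokenNotWhitelisted(token);
        // Assumed range rule: a deposit's stem cannot exceed the token's stem tip.
        if (stem > stemTip[token]) revert StemOutOfRange(token, stem);
    }
}
```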