DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

Missing Input Validation in `uri` Function

Summary

The uri function in the MetadataFacet contract lacks input validation for the depositId parameter. This could lead to unexpected behavior or errors if an invalid depositId is provided, as the function assumes the input is correctly formed by concatenating a token address and a stem.

Vulnerability Details

The uri function takes a depositId as input and uses LibBytes.unpackAddressAndStem to extract the token address and stem from it. However, there are no checks to ensure that the depositId is valid or that it was created using the expected format.

If a user provides an invalid depositId, the following issues could arise:

  • Incorrect Token and Stem Values: The unpackAddressAndStem function might extract incorrect token and stem values, leading to the generation of an incorrect URI.

  • Unexpected Reverts: The subsequent logic in the uri function, which relies on the extracted token and stem values, might revert due to unexpected values, causing the function to fail.

  • Denial of Service: In some cases, an invalid depositId could trigger a revert in a way that consumes excessive gas, potentially leading to a denial-of-service (DoS) attack.

Impact

The impact of this vulnerability depends on how the uri function is used within the Beanstalk ecosystem. If the function is called with untrusted user input, an attacker could potentially exploit this lack of validation to:

  • Manipulate Metadata: Generate incorrect URIs for deposits, leading to misleading or inaccurate metadata.

  • Disrupt Functionality: Cause the uri function to revert unexpectedly, disrupting the normal operation of the contract.

  • Launch DoS Attacks: In some cases, trigger reverts that consume excessive gas, potentially leading to a DoS attack.

Tools Used

  • Manual code review

Recommendations

To mitigate this vulnerability, add input validation to the uri function. This could include:

  1. Validate Deposit ID Structure: Check if the depositId is correctly formed by concatenating a valid token address and a stem.

  2. Check Token Whitelist: Verify if the extracted token address is in the silo whitelist to ensure it's a supported token.

  3. Stem Range Check: Ensure that the extracted stem value is within the valid range for the given token.

By implementing these checks, the uri function can be made more robust and resistant to errors caused by invalid input.
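A Python model of the three recommended checks, added here as an illustration and not taken from the Beanstalk code base. It assumes the depositId is a uint256 holding the token address in the high 160 bits and a signed 96-bit stem in the low bits; `whitelist` and `stem_ranges` are hypothetical stand-ins for on-chain state. Under that layout every 256-bit value unpacks to some (token, stem) pair, so it is the whitelist and range checks that reject a depositId not produced for a supported token.

```python
# Added illustration, not Beanstalk code. Assumed layout: depositId is a uint256
# with the token address in the high 160 bits and a signed 96-bit stem below it.
STEM_BITS = 96
STEM_MASK = (1 << STEM_BITS) - 1
STEM_MIN, STEM_MAX = -(1 << (STEM_BITS - 1)), (1 << (STEM_BITS - 1)) - 1


def pack_address_and_stem(token, stem):
    """Concatenate a 160-bit token address and a two's-complement int96 stem."""
    if not 0 <= token < (1 << 160):
        raise ValueError("token is not a 160-bit address")
    if not STEM_MIN <= stem <= STEM_MAX:
        raise ValueError("stem does not fit in int96")
    return (token << STEM_BITS) | (stem & STEM_MASK)


def unpack_address_and_stem(deposit_id):
    """Split a uint256 into (token, stem); never fails for a 256-bit input."""
    if not 0 <= deposit_id < (1 << 256):
        raise ValueError("depositId is not a uint256")
    raw = deposit_id & STEM_MASK
    stem = raw - (1 << STEM_BITS) if raw > STEM_MAX else raw
    return deposit_id >> STEM_BITS, stem


def validate_deposit_id(deposit_id, whitelist, stem_ranges):
    """Apply the whitelist and stem-range checks; raise ValueError on failure.

    whitelist: set of token addresses; stem_ranges: token -> (lowest, highest)
    accepted stem. Both are hypothetical stand-ins for on-chain state.
    """
    token, stem = unpack_address_and_stem(deposit_id)
    if token not in whitelist:
        raise ValueError("token not whitelisted")
    lowest, highest = stem_ranges[token]
    if not lowest <= stem <= highest:
        raise ValueError("stem out of range for token")
    return token, stem


if __name__ == "__main__":
    TOKEN = 0x1111111111111111111111111111111111111111  # constructed address
    good = pack_address_and_stem(TOKEN, -5)
    print(validate_deposit_id(good, {TOKEN}, {TOKEN: (-100, 100)}))
    # Any uint256 unpacks cleanly and repacks to itself under this layout.
    junk = (1 << 256) - 1
    token, stem = unpack_address_and_stem(junk)
    print(hex(token), stem, pack_address_and_stem(token, stem) == junk)
```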

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
