A vulnerability was found in the smart contract BeanL1RecieverFacet
that handles the migration of Beans to L2. The vulnerability is related to the second require
statement, which checks if the total migrated beans exceed a maximum limit. The check is logically incorrect and will always fail if any amount greater than 0 is migrated.
The vulnerability is in the function recieveL1Beans
. The second require
statement is:
The constant EXTERNAL_L1_BEANS
is set to 0 here. This means the total migrated beans s.sys.migration.migratedL1Beans
must always be 0 for the condition to pass. When beans are migrated, s.sys.migration.migratedL1Beans
is increased by amount, making the condition fail immediately if amount is greater than 0. This prevents any successful migration of beans.
Due to this vulnerability, the contract will not allow any migration of beans to L2. This makes the migration function unusable, which can affect the operations of the Beanstalk project.
Manual code review
Set EXTERNAL_L1_BEANS
to a non-zero value that represents the actual maximum limit of beans that can be migrated.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.