Submission Details
Severity: low
Valid

Incorrect logic in `BeanL1RecieverFacet` contract prevents successful migration of Beans to L2

Summary

A vulnerability was found in the `BeanL1RecieverFacet` contract, which handles the migration of Beans to L2. The second require statement, which checks whether the total migrated Beans exceed a maximum limit, is logically incorrect: it fails whenever an amount greater than 0 is migrated.

Vulnerability Details

The vulnerability is in the function `recieveL1Beans`. The second require statement is:

require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");

The constant `EXTERNAL_L1_BEANS` is set to 0. This means the total migrated Beans, `s.sys.migration.migratedL1Beans`, must always be 0 for the condition to pass. When Beans are migrated, `s.sys.migration.migratedL1Beans` is increased by `amount`, so the condition fails immediately if `amount` is greater than 0. This prevents any successful migration of Beans.

Impact

Due to this vulnerability, the contract will not allow any migration of beans to L2. This makes the migration function unusable, which can affect the operations of the Beanstalk project.

Tools Used

Manual code review

Recommendations

Set EXTERNAL_L1_BEANS to a non-zero value that represents the actual maximum limit of beans that can be migrated.
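
The check described above, reduced to a model that can be deployed in any Solidity test environment. This is an added example, not code from the Beanstalk repository or from the submission: `CapCheckModel` and `CapCheckDemo` are hypothetical names, the increment-then-check order follows the report's description, and the non-zero cap is a constructed placeholder rather than the real limit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Beanstalk code. Models only the cap check quoted in
// the report; token handling and access control are deliberately left out.
contract CapCheckModel {
    uint256 public immutable externalL1Beans; // stands in for EXTERNAL_L1_BEANS
    uint256 public migratedL1Beans;           // stands in for s.sys.migration.migratedL1Beans

    constructor(uint256 cap) {
        externalL1Beans = cap;
    }

    // Increment the running total, then enforce the cap, as the report describes.
    function receiveL1Beans(uint256 amount) external {
        migratedL1Beans += amount;
        require(externalL1Beans >= migratedL1Beans, "L2Migration: exceeds maximum migrated");
    }
}

contract CapCheckDemo {
    // Constructed placeholder; the real maximum must come from the project.
    uint256 constant PLACEHOLDER_CAP = 1_000_000;

    // Returns true if the migration call succeeded, false if it reverted.
    function _try(CapCheckModel m, uint256 amount) internal returns (bool ok) {
        try m.receiveL1Beans(amount) { ok = true; } catch { ok = false; }
    }

    // Probe a cap of 0 with a zero-amount and a one-unit migration.
    function zeroCap() external returns (bool zeroAmountOk, bool oneUnitOk) {
        CapCheckModel m = new CapCheckModel(0);
        zeroAmountOk = _try(m, 0);
        oneUnitOk = _try(m, 1);
    }

    // Probe a non-zero cap: fill it exactly, then try one more unit.
    // A reverted call rolls back its increment, so the total stays at the cap.
    function nonZeroCap() external returns (bool atCapOk, bool overCapOk, uint256 total) {
        CapCheckModel m = new CapCheckModel(PLACEHOLDER_CAP);
        atCapOk = _try(m, PLACEHOLDER_CAP);
        overCapOk = _try(m, 1);
        total = m.migratedL1Beans();
    }
}
```

Calling `zeroCap()` and `nonZeroCap()` and comparing the returned flags shows the difference between the zero constant and a real limit, including the boundary where the total equals the cap.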

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");

Appeal created

whitehat777 Submitter 12 months ago
inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");
