Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`ReseedL2Migration#init()` lacks any access control whatsoever

bauchibred

Summary

The ReseedL2Migration is intended to be used to pause Beanstalk on L1 and then transfer liquidity to the BCM, but it lacks any functionality that ensures that the caller is trusted, which then means that anyone at any time can pause Beanstalk on L1.

Vulnerability Details

Take a look at https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/8c8710df547f7d7c5dd82c5381eb6b34532e4484/protocol/contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#L27-L48

function init() external {

// Pause beanstalk, preventing future sunrises.

s.paused = true;

s.pausedAt = uint128(block.timestamp);

emit Pause(block.timestamp);

// transfer the following whitelisted silo assets to the BCM:

// bean:eth

IERC20 beanEth = IERC20(C.BEAN_ETH_WELL);

uint256 beanEthBalance = beanEth.balanceOf(address(this));

beanEth.transfer(BCM, beanEthBalance);

// BEAN:WstETH

IERC20 beanwsteth = IERC20(C.BEAN_WSTETH_WELL);

uint256 beanwstethBalance = beanwsteth.balanceOf(address(this));

beanwsteth.transfer(BCM, beanwstethBalance);

// BEAN:3CRV

IERC20 bean3crv = IERC20(C.CURVE_BEAN_METAPOOL);

uint256 bean3crvBalance = bean3crv.balanceOf(address(this));

bean3crv.transfer(BCM, bean3crvBalance);

}

This function is used to first pause Beanstalk in order to prevent further sunrises and then it transfers out the whitlelisted silo assets to the BCM so as to end upe being migrated to the L2. Issue however is that this method lacks any access control whatsoever and would lead to anybody being able to call this function which would then Pause Beanstalk on L1.

Impact

Any one can pause Beanstalk on the L1 and prevent further sunrises, leading to a DOS of core functionalities that could lead to different issues, be it loss of funds cause users can't access functionalities they'd like to or what not.

Tools Used

Manual review

Recommendations

Introduce an access control mechanism to ReseedL2Migration#init()

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

`ReseedL2Migration#init()` lacks any access control

Appeal created

bauchibred Submitter

12 months ago

inallhonesty Lead Judge

12 months ago

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

`ReseedL2Migration#init()` lacks any access control

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.