Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Absence of ```stETH:ETH``` Price Feed on Certain Layer 2 Networks leads to inaccurate ```wstETH:ETH``` price

kiteweb3

Summary

The LibWstethEthOracle calculates the wstETH:ETH price by aggregating data from four distinct sources: the wstETH:stETH redemption rate, the stETH:ETH Chainlink oracle, the wstETH:ETH Uniswap pool, and a fixed stETH:ETH redemption rate of 1:1. These sources are combined in three different ways to determine the final price. However, the availability of the Chainlink oracle for stETH:ETH, varies across different Layer 2 (L2) networks, impacting the contract's functionality on networks where the oracle is absent.

Vulnerability Details

The core vulnerability arises from the reliance on external data sources, specifically the Chainlink oracle for stETH:ETH, which is not uniformly available across all L2 networks. This inconsistency affects the contract's ability to perform accurate price computations on networks lacking the necessary oracle support.

/**

* @title Wsteth Eth Oracle Library

* @author brendan

* @notice Computes the wstETH:ETH price.

* @dev

* The oracle reads from 4 data sources:

* a. wstETH:stETH Redemption Rate: (0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0)

* b. stETH:ETH Chainlink Oracle: (0x86392dC19c0b719886221c78AB11eb8Cf5c52812)

* c. wstETH:ETH Uniswap Pool: (0x109830a1AAaD605BbF02a9dFA7B0B92EC2FB7dAa)

* d. stETH:ETH Redemption: (1:1)

* It then computes the wstETH:ETH price in 3 ways:

* 1. wstETH -> ETH via Chainlink: a * b

* 2. wstETH -> ETH via wstETH:ETH Uniswap Pool: c * 1

* 3. wstETH -> ETH via stETH redemption: a * d

* It then computes a wstETH:ETH price by taking the minimum of (3) and either the average of (1) and (2)

* if (1) and (2) are within `MAX_DIFFERENCE` from each other or (1).

**/

library LibWstethEthOracle {

... //omitted code

}

Impact

The core vulnerability arises from the reliance on external data sources, specifically the Chainlink oracle for stETH:ETH, which is not uniformly available across all L2 networks. The stETH:ETH is available on Ethereum Mainnet, Arbitrum, Optimism and Base. But it isn't available for example on Polygon, Avalanche, etc (ref. to chainlink docs https://docs.chain.link/data-feeds/price-feeds/addresses?network=polygon&page=1&search=stETH%3AETH).
On L2 networks without the required Chainlink oracle, the contract fails to compute the wstETH:ETH price accurately.

Tools Used

Manual review.

Recommendations

Check if the stETH:ETH Chainlink oracle is available for a specific L2 before to deploy.

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

`stETH:ETH` price feed not available everywhere

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.