Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Locked ETH in L1TokenFacet.sol

heim

Summary

This report identifies a potential issue in L1TokenFacet.sol that could lead to locked ETH within the contract. The issue is related to the contract being marked as payable even though none of its functions currently process ETH payments.

Vulnerability Details

The L1TokenFacet contract is inherited from ReentrancyGuard which is itself marked as payable. This means that the L1TokenFacet contract inherits the payable modifier. While none of the functions within L1TokenFacet currently handle ETH payments, the contract itself can still receive ETH.

Impact

Loss of funds: If any ETH is accidentally or intentionally sent to the L1TokenFacet contract, it will be locked and inaccessible.

Tools Used

Manual code review

Recommendations

Consider removing the payable modifier from the L1TokenFacet contract. If future functionalities require receiving ETH payments, implement proper mechanisms to handle them securely.

Alternatively, you can add a modifier to all functions that restricts them from being called with a value greater than 0 (disallowing any ETH payments).

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.