DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: low
Invalid

BeanstalkERC20 tokens cannot be paused

Summary

BeanstalkERC20 tokens can't be paused, contrary to the desired functionality, as the ERC20Pausable contract is not inherited and the pauser role is not granted.

Vulnerability Details

From the contract description, the various characteristics of the token include the ability for holders to burn it, which is enforced by inheriting ERC20Burnable, and a minter role to mint the tokens, which is enforced by inheriting AccessControl and granting the MINTER_ROLE to the admin. There is also the pauser role, which allows stopping token transfers. This role is also intended to be granted to the admin.
However, this role is not granted, nor is the ERC20Pausable contract inherited, so tokens cannot be paused and the role's functionality cannot be enforced.

/**
 * @dev {ERC20} token, including:
 *
 *  - ability for holders to burn (destroy) their tokens
 *  - a minter role that allows for token minting (creation)
 *  - a pauser role that allows to stop all token transfers
 *
 * ..SKIP..
 *
 * The account that deploys the contract will be granted the minter and pauser
 * roles, as well as the default admin role, which will let it grant both minter
 * and pauser roles to other accounts.
 */

Impact

In case of an emergency in which the Beanstalk tokens need to be paused, there is no pauser to pause them, nor can they be paused.

Tools Used

Manual Code Review

Recommendations

Inherit ERC20Pausable.sol and declare a pauser role that can pause the tokens.
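
What the recommendation above would look like in a role-based token, as an added sketch that is not the BeanstalkERC20 source. It assumes OpenZeppelin Contracts v5 import paths and hooks (the page does not state which version the project uses); the contract name and the `admin` constructor argument are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5.x layout and API.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";
import {ERC20Pausable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Pausable.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical name; illustrates burn + minter role + pauser role together.
contract PausableRoleToken is ERC20, ERC20Burnable, ERC20Pausable, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    constructor(address admin, string memory name_, string memory symbol_)
        ERC20(name_, symbol_)
    {
        // The admin receives all three roles, matching the NatSpec description
        // quoted in the finding (minter, pauser and default admin).
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(MINTER_ROLE, admin);
        _grantRole(PAUSER_ROLE, admin);
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    // Only PAUSER_ROLE holders can toggle the pause flag.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    // ERC20Pausable enforces whenNotPaused inside _update, so while paused
    // transfers, mints and burns all revert.
    function _update(address from, address to, uint256 value)
        internal
        override(ERC20, ERC20Pausable)
    {
        super._update(from, to, value);
    }
}
```

Granting `PAUSER_ROLE` without inheriting `ERC20Pausable` (or the reverse) leaves the pause switch either unreachable or ineffective, so both pieces have to land together.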

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

BeanstalkERC20 tokens cannot be paused
