Beanstalk: The Finale

Summary

The return value of an external transfer/transferFrom call is not checked

Vulnerability Details

• ReseedL2Migration::init() (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#27-48) ignores return value by beanEth.transfer(BCM,beanEthBalance) (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#37)

• ReseedL2Migration::init() (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#27-48) ignores return value by beanwsteth.transfer(BCM,beanwstethBalance) (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#42)

• ReseedL2Migration::init() (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#27-48) ignores return value by bean3crv.transfer(BCM,bean3crvBalance) (contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol#47)

• LibPipelineConvert::executePipelineConvert(address,address,uint256,uint256,uint256,AdvancedFarmCall[]) (contracts/libraries/Convert/LibPipelineConvert.sol#37-75) ignores return value by IERC20(inputToken).transfer(C.PIPELINE,fromAmount) (contracts/libraries/Convert/LibPipelineConvert.sol#53)

• LibWellConvert::_wellAddLiquidityTowardsPeg(uint256,uint256,address) (contracts/libraries/Convert/LibWellConvert.sol#177-187) ignores return value by C.bean().transfer(well,beansConverted) (contracts/libraries/Convert/LibWellConvert.sol#185)

• LibFertilizer::addUnderlying(uint256,uint256,uint256) (contracts/libraries/LibFertilizer.sol#85-143) ignores return value by IERC20(barnRaiseToken).transferFrom(LibTractor._user(),address(this),uint256(tokenAmountIn)) (contracts/libraries/LibFertilizer.sol#116-120)

Impact

Unchecked transfers result in lost funds from exploits

Tools Used

Slither

Recommendations

Use SafeERC20, or ensure that the transfer/transferFrom return value is checked.