DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: high
Valid

L2ContractMigrationFacet doesn't increase total Stalk and Roots

Summary

L2ContractMigrationFacet is used to migrate deposits owned by smart contracts.

The problem is that it increases the Stalk and Roots balances associated with the migrated deposit, but never updates the global Stalk and Roots balances in the Silo.

Vulnerability Details

setStalk() increases only the account's balances and never updates the global balances during migration:
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/beanstalk/silo/L2ContractMigrationFacet.sol#L205-L211

function setStalk(address account, uint256 accountStalk, uint256 accountRoots) internal {
    s.accts[account].stalk += accountStalk;
    s.accts[account].roots += accountRoots;
    // emit event.
    emit StalkBalanceChanged(account, int256(accountStalk), int256(accountRoots));
}

Impact

The core invariant totalBalance = Sum(userIndividualBalances) is broken for both Roots and Stalk.

This causes incorrect calculations in every function that uses s.sys.silo.roots and s.sys.silo.stalk, such as:

  1. LibSilo.mintActiveStalk() - incorrect amount of Stalk and Roots is minted for all new deposits.

  2. LibSilo.burnActiveStalk() - incorrect amount of Stalk and Roots is burned in all withdrawals.

  3. LibSilo.transferStalk() - incorrect amount of Stalk and Roots is transferred in all transfers.

Tools Used

Manual Review

Recommendations

Increase the global balances s.sys.silo.stalk and s.sys.silo.roots in L2ContractMigrationFacet.setStalk().
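
The reported behaviour next to the recommended fix, as an added example that is not Beanstalk's code: a minimal storage model whose field names follow the finding (s.accts, s.sys.silo). The contract name, the holders list, setStalkVulnerable/setStalkFixed and invariantHolds() are hypothetical and exist only so the invariant from the Impact section can be checked after each call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added model for illustration; only the s.accts / s.sys.silo layout follows the finding.
contract SiloMigrationModel {
    struct Account { uint256 stalk; uint256 roots; }
    struct Silo { uint256 stalk; uint256 roots; }
    struct System { Silo silo; }
    struct Storage { mapping(address => Account) accts; System sys; }

    Storage internal s;
    address[] internal holders;            // hypothetical: lets the model sum balances
    mapping(address => bool) internal seen;

    event StalkBalanceChanged(address indexed account, int256 delta, int256 deltaRoots);

    // As reported: the account is credited, the global totals are not.
    function setStalkVulnerable(address account, uint256 accountStalk, uint256 accountRoots) external {
        s.accts[account].stalk += accountStalk;
        s.accts[account].roots += accountRoots;
        _track(account);
        emit StalkBalanceChanged(account, int256(accountStalk), int256(accountRoots));
    }

    // Recommended fix: credit s.sys.silo.stalk and s.sys.silo.roots in the same call.
    function setStalkFixed(address account, uint256 accountStalk, uint256 accountRoots) external {
        s.accts[account].stalk += accountStalk;
        s.accts[account].roots += accountRoots;
        s.sys.silo.stalk += accountStalk;
        s.sys.silo.roots += accountRoots;
        _track(account);
        emit StalkBalanceChanged(account, int256(accountStalk), int256(accountRoots));
    }

    // totalBalance == Sum(userIndividualBalances), for both Stalk and Roots.
    function invariantHolds() external view returns (bool) {
        uint256 sumStalk;
        uint256 sumRoots;
        for (uint256 i = 0; i < holders.length; i++) {
            sumStalk += s.accts[holders[i]].stalk;
            sumRoots += s.accts[holders[i]].roots;
        }
        return sumStalk == s.sys.silo.stalk && sumRoots == s.sys.silo.roots;
    }

    function _track(address account) internal {
        if (!seen[account]) { seen[account] = true; holders.push(account); }
    }
}
```

On a fresh deployment, invariantHolds() returns false after any setStalkVulnerable call with a non-zero amount and stays true after setStalkFixed calls.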

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

L2ContractMigrationFacet doesn't increase total Stalk and Roots
