This vulnerability arises because the `stems` array passed to the convert function has no upper bound on its length. Every element costs gas to process, so a sufficiently large array drives the call's gas consumption past the block gas limit and the transaction cannot be included, which is a denial of service (DoS) condition.
The loop iterates over the entire `stems` array. Gas usage grows linearly with the array length, so an excessively large array consumes a significant amount of gas, potentially exceeding the block gas limit and causing the transaction to fail.
An attacker, or simply a user holding a large number of stems, could trigger this by submitting transactions with a very large `stems` array. Such calls revert after consuming the gas provided, so the affected operation cannot complete for that account, leading to failed transactions and disrupted service.
## Tools Used
Manual code review

## Recommended Mitigation Steps
Enforce a maximum size for the `stems` array, checked before the loop, so that oversized inputs are rejected cheaply instead of running until gas is exhausted:

```solidity
uint256 constant MAX_STEMS = 100; // Set an appropriate maximum limit
require(stems.length <= MAX_STEMS, "Convert: Too many stems");
```
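The following contract is an added illustration, not the audited project's code. It places the unbounded loop next to the bounded form recommended above. The function names `convertUnbounded`, `convertBounded`, `deposit` and `_withdraw`, the `amounts` parameter and the `deposits` mapping are hypothetical; only `stems`, `MAX_STEMS` and the revert string come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the audited project's code). Function and storage
/// names are hypothetical; only `stems`, `MAX_STEMS` and the revert string
/// "Convert: Too many stems" are taken from the finding.
contract ConvertExample {
    uint256 public constant MAX_STEMS = 100;

    // Per-account, per-stem deposit balances (constructed state for the example).
    mapping(address => mapping(int96 => uint256)) public deposits;

    event Converted(address indexed account, uint256 stemsProcessed, uint256 total);

    /// Vulnerable form: gas cost grows linearly with `stems.length`. A large
    /// enough array cannot fit in a block, so the call always fails.
    function convertUnbounded(int96[] calldata stems, uint256[] calldata amounts)
        external
        returns (uint256 total)
    {
        require(stems.length == amounts.length, "Convert: length mismatch");
        for (uint256 i = 0; i < stems.length; i++) {
            total += _withdraw(stems[i], amounts[i]);
        }
        emit Converted(msg.sender, stems.length, total);
    }

    /// Hardened form: the length bound is checked before any per-element
    /// work, so an oversized array reverts early at near-constant gas.
    function convertBounded(int96[] calldata stems, uint256[] calldata amounts)
        external
        returns (uint256 total)
    {
        require(stems.length <= MAX_STEMS, "Convert: Too many stems");
        require(stems.length == amounts.length, "Convert: length mismatch");
        for (uint256 i = 0; i < stems.length; i++) {
            total += _withdraw(stems[i], amounts[i]);
        }
        emit Converted(msg.sender, stems.length, total);
    }

    /// Hypothetical per-stem accounting so the loop body does real storage work.
    function _withdraw(int96 stem, uint256 amount) internal returns (uint256) {
        uint256 bal = deposits[msg.sender][stem];
        require(bal >= amount, "Convert: insufficient deposit");
        deposits[msg.sender][stem] = bal - amount;
        return amount;
    }

    /// Hypothetical helper to seed state when exercising the example.
    function deposit(int96 stem, uint256 amount) external {
        deposits[msg.sender][stem] += amount;
    }
}
```

When comparing the two functions with a gas reporter, `convertUnbounded` keeps scaling with the array length until the block gas limit is hit, while `convertBounded` reverts at the first `require` for any array longer than `MAX_STEMS`, before touching storage. The appropriate value of `MAX_STEMS` should be chosen from the measured per-iteration cost and the target chain's block gas limit.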
## Proof of Concept (PoC)
A PoC was created with 400 iterations in the `stems` array to demonstrate the increased gas consumption and potential for failure. The following script simulates the scenario:

Result: transaction failure. Once the gas limit is exceeded, the transaction reverts and consumes all provided gas, which constitutes a denial of service (DoS) against the contract for that call.