DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

Underflow Issue in `__update` Function of `Fertilizer` Contract

Summary

The __update function in the Fertilizer contract has a potential underflow vulnerability when calculating the difference between stopBpf and _balances[ids[i]][account].lastBpf. This issue could result in incorrect calculations and potentially disrupt the contract's expected behavior.

Vulnerability Details

See the following code:

```solidity
function __update(
    address account,
    uint256[] memory ids,
    uint256 bpf
) internal returns (uint256 beans) {
    for (uint256 i; i < ids.length; ++i) {
        // Accrual for this id stops at the smaller of the current bpf and the id itself.
        uint256 stopBpf = bpf < ids[i] ? bpf : ids[i];
        // Subtraction discussed in this report.
        uint256 deltaBpf = stopBpf - _balances[ids[i]][account].lastBpf;
        if (deltaBpf > 0) {
            beans = beans.add(deltaBpf.mul(_balances[ids[i]][account].amount));
            _balances[ids[i]][account].lastBpf = uint128(stopBpf);
        }
    }
    emit ClaimFertilizer(ids, beans);
}
```

The subtraction stopBpf - _balances[ids[i]][account].lastBpf can cause an underflow if stopBpf is less than _balances[ids[i]][account].lastBpf.

Impact

Even if only one of the ids has this issue, the whole call reverts, so claiming would be denied (DoS) on a regular basis.

Recommendation

To mitigate this issue, add a safety check to ensure that the subtraction only occurs when stopBpf is greater than _balances[ids[i]][account].lastBpf.
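The following is an added Python model, written for this page and not code from the Fertilizer contract or the contest, that reproduces the arithmetic of `__update` with the checked subtraction that Solidity 0.8 emits, beside the guarded variant the recommendation describes. The balance state, account, ids and bpf values are all constructed; the state in which `lastBpf` exceeds `stopBpf` is built directly to exercise the guard and is not a claim that the contract can reach it (the judgement below marks the report invalid).

```python
# Added model of Fertilizer.__update (not the contract's own code).
# State is a constructed dict: balances[id][account] = {"amount": .., "lastBpf": ..}

UINT128_MAX = 2**128 - 1


class Revert(Exception):
    """Stands in for an EVM revert from Solidity >=0.8 checked arithmetic."""


def checked_sub(a: int, b: int) -> int:
    """uint256 subtraction as the compiler emits it: underflow reverts."""
    if b > a:
        raise Revert("arithmetic underflow")
    return a - b


def update(balances, account, ids, bpf, guarded=False):
    """Model of __update: accrue beans per fertilizer id and advance lastBpf.

    guarded=False mirrors the loop in the report (subtract, then test > 0).
    guarded=True applies the recommended check before subtracting, so an id
    whose lastBpf is not below stopBpf is skipped instead of reverting.
    Returns the beans total and mutates lastBpf in place like the contract.
    """
    beans = 0
    for id_ in ids:
        bal = balances[id_][account]
        stop_bpf = bpf if bpf < id_ else id_          # min(bpf, id)
        if guarded and stop_bpf <= bal["lastBpf"]:
            continue                                   # nothing new to claim
        delta = checked_sub(stop_bpf, bal["lastBpf"])
        if delta > 0:
            beans += delta * bal["amount"]
            bal["lastBpf"] = stop_bpf & UINT128_MAX    # uint128(stopBpf) truncation
    return beans


def fresh_balances(account, last_bpf_override=None):
    """Constructed state: two fertilizer ids held by one account, lastBpf 0 unless overridden."""
    state = {
        1_000_000: {account: {"amount": 10, "lastBpf": 0}},
        3_000_000: {account: {"amount": 5, "lastBpf": 0}},
    }
    for id_, last in (last_bpf_override or {}).items():
        state[id_][account]["lastBpf"] = last
    return state


def claim_batch(ids, bpf, guarded, last_bpf_override=None):
    """One __update call on fresh constructed state; returns (beans or None, reverted)."""
    acct = "0xACCT"  # constructed account label
    state = fresh_balances(acct, last_bpf_override)
    try:
        return update(state, acct, ids, bpf, guarded), False
    except Revert:
        return None, True


if __name__ == "__main__":
    ids = [1_000_000, 3_000_000]
    # Regular case: lastBpf below stopBpf for every id; both variants agree.
    print(claim_batch(ids, 2_000_000, guarded=False))  # (20000000, False)
    print(claim_batch(ids, 2_000_000, guarded=True))   # (20000000, False)
    # Constructed state with lastBpf above stopBpf for one id (not claimed reachable):
    # the unguarded loop reverts the whole batch, the guarded one skips that id only.
    bad = {1_000_000: 5_000_000}
    print(claim_batch(ids, 2_000_000, guarded=False, last_bpf_override=bad))  # (None, True)
    print(claim_batch(ids, 2_000_000, guarded=True, last_bpf_override=bad))   # (10000000, False)
```

Under Solidity 0.8 checked arithmetic the subtraction reverts before `deltaBpf > 0` is ever evaluated, which is why the recommended comparison has to sit in front of the subtraction rather than after it; the model's `guarded` path places it there, and the batch-wide revert in the unguarded path is the behaviour the Impact section describes.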

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
