Beanstalk: The Finale
Beanstalk
DeFiHardhatFoundry
250,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

DoS - Bean migration is not possible due to faulty logic

holydevoti0n

Summary

BeanL1RecieverFacet will receive data from L1 and mint Beans on L2 accordingly.

The problem is that the faucet has the constant EXTERNAL_L1_BEANS defined with 0.

This constant is used to check whether the protocol can mint more beans yet(max beans to be minted should be <= external l1 beans).

uint256 constant EXTERNAL_L1_BEANS = 0;
....
function recieveL1Beans(address reciever, uint256 amount) external nonReentrant {
// verify msg.sender is the cross-chain messenger address, and
// the xDomainMessageSender is the L1 Beanstalk contract.
require(
msg.sender == address(BRIDGE) &&
IL2Messenger(BRIDGE).xDomainMessageSender() == L1BEANSTALK
);
s.sys.migration.migratedL1Beans += amount;
require(
@> EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, // @audit <= impossible to mint any amount
"L2Migration: exceeds maximum migrated"
);
}

Impact

  • Protocol will fail to migrate Beans to L2(User transactions will revert).

  • Users will lose money by paying the gas fee

Tools Used

Manual Review

Recommendations

Set the EXTERNAL_L1_BEANS to represent the total amount of Beans expected to be migrated to L2.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");

Appeal created

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.