Beanstalk: The Finale
Beanstalk
DeFiHardhatFoundry
250,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

The remaining of a `podListing` might be an unfillable amount

deadrosesxyz

Summary

User's podListing can remain an unfillable amount

Vulnerability Details

Users can create podListing to sell their plots in the MarketplaceFacet. When doing so, they set a minFillAmount

When a podListing is partially filled, it is automatically deleted and a new one is created for the remaining plots.

if (podReceiveAmount < podListing.podAmount) {
uint256 newIndex = podListing.index + podReceiveAmount + podListing.start;
s.sys.podListings[podListing.fieldId][newIndex] = _hashListing(
PodListing(
podListing.lister,
podListing.fieldId,
newIndex,
0,
podListing.podAmount - podReceiveAmount,
podListing.pricePerPod,
podListing.maxHarvestableIndex,
podListing.minFillAmount,
podListing.mode
)
);

The problem is that it is not checked that podListing.minFillAmount <= podListing.podAmount - podReceiveAmount, allowing for the creation of an unfillable podListing.

Impact

User's podListing might be unfillable

Tools Used

Manual review

Recommendations

If the new created podListing is for less than minFillAmount, change minFillAmount to the remaining value.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Lack of Validation for minFillAmount Less Than or Equal to podAmount in pod listing

Appeal created

inallhonesty Lead Judge
11 months ago
inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Lack of Validation for minFillAmount Less Than or Equal to podAmount in pod listing

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.