Submission Details
Severity: medium
Invalid

Incorrect Recapitalization Handling in the Fertilizer Minting Function

Summary

The mintFertilizer function contains an inconsistency in how it handles the remaining recapitalization amount, which can lead to unintended failures when minting Fertilizer tokens. The inconsistency arises from precision loss and an overly restrictive calculation, which can cause the function to reject valid minting operations.

Vulnerability Details

The mintFertilizer function allows users to purchase Fertilizer tokens with Barn Raise tokens. The number of Fertilizer tokens minted is based on the USD value of the Barn Raise tokens, and the function ensures that the amount of Fertilizer tokens minted does not exceed the remaining recapitalization limit. However, the calculation and validation of the remaining recapitalization amount introduce precision issues that lead to unintended assertion failures. The vulnerable lines are:

uint128 remaining = uint128(LibFertilizer.remainingRecapitalization().div(1e6));
require(fertilizerAmountOut <= remaining, "Fertilizer: Not enough remaining.");

The division by 1e6 and the subsequent cast to uint128 can cause a loss of precision, leaving remaining lower than intended. High input values for tokenAmountIn can then produce a fertilizerAmountOut that exceeds the incorrectly calculated remaining recapitalization, causing valid operations to fail.

Impact

Valid users are unable to mint Fertilizer tokens because the remaining recapitalization check fails incorrectly.

An attacker can exploit this bug by deliberately using high input values for tokenAmountIn, causing fertilizerAmountOut to exceed the erroneously calculated remaining recapitalization. This can prevent other users from minting Fertilizer tokens, effectively causing a DoS for valid minting operations.

Attack path:
- The attacker observes the precision issue in the calculation of the remaining recapitalization.
- The attacker provides a high value for tokenAmountIn, resulting in a high fertilizerAmountOut.
- The function checks if fertilizerAmountOut exceeds the inaccurately calculated remaining recapitalization.
- The check fails, preventing the minting operation, causing DoS for other users.

Tools Used

Manual review

Recommendations

The recapitalization calculation should accurately reflect the intended limits without unnecessary precision reductions. An example fix:

uint256 remaining = LibFertilizer.remainingRecapitalization();
require(fertilizerAmountOut <= remaining, "Fertilizer: Not enough remaining.");
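As an added illustration (not part of this submission and not code from the audited project), the following Python models the check quoted above and the proposed replacement with plain integers. It assumes, since the page does not say, that remainingRecapitalization() returns a value scaled by 1e6 (six decimals, as the division suggests) and that fertilizerAmountOut is a whole-unit count; LibFertilizer and mintFertilizer themselves are not modeled. It shows how much the floor division can discard, when the uint128 cast would actually wrap, and how the two checks behave on the same inputs.

```python
# Added example, not code from the submission or the audited code base.
# Assumptions (not stated on the page): remainingRecapitalization() is scaled
# by 1e6 (six decimals) and fertilizerAmountOut counts whole units.

UINT128_MAX = 2**128 - 1
SCALE = 10**6  # the 1e6 the quoted code divides by


def remaining_as_in_page(raw_remaining: int) -> int:
    """Mirror `uint128(remainingRecapitalization().div(1e6))`.

    Solidity integer division floors, and an explicit cast to uint128
    keeps only the low 128 bits (no revert), so both effects are modeled.
    """
    return (raw_remaining // SCALE) & UINT128_MAX


def flooring_loss(raw_remaining: int) -> int:
    """Base units discarded by the floor division; always below SCALE."""
    return raw_remaining - (raw_remaining // SCALE) * SCALE


def cast_wraps(raw_remaining: int) -> bool:
    """True only if the scaled-down value does not fit in a uint128."""
    return raw_remaining // SCALE > UINT128_MAX


def original_check_passes(fertilizer_amount_out: int, raw_remaining: int) -> bool:
    """`require(fertilizerAmountOut <= remaining)` with the page's `remaining`."""
    return fertilizer_amount_out <= remaining_as_in_page(raw_remaining)


def recommended_check_passes(fertilizer_amount_out: int, raw_remaining: int) -> bool:
    """The submission's proposed fix: compare against the unscaled value.

    Under the stated assumptions the two sides are now in different units
    (whole units vs. 1e6-scaled base units), which loosens the cap.
    """
    return fertilizer_amount_out <= raw_remaining


def compare_checks(fertilizer_amount_out: int, raw_remaining: int) -> dict:
    """Side-by-side view of both checks for one input pair."""
    return {
        "remaining_whole_units": remaining_as_in_page(raw_remaining),
        "discarded_base_units": flooring_loss(raw_remaining),
        "cast_wraps": cast_wraps(raw_remaining),
        "original_passes": original_check_passes(fertilizer_amount_out, raw_remaining),
        "recommended_passes": recommended_check_passes(fertilizer_amount_out, raw_remaining),
    }


if __name__ == "__main__":
    # Constructed sample: 1234.567890 units remaining (scaled by 1e6).
    raw = 1_234_567_890
    for amount_out in (1234, 1235, 1_000_000):
        print(amount_out, compare_checks(amount_out, raw))
```

Under these assumptions the floor division discards less than one whole unit, and the cast only wraps once the scaled-down value reaches 2**128. The proposed fix, by dropping the scaling, compares quantities in different units, so anyone adopting it should first confirm the units of both sides of the require.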

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
