Difference with variable decoding between `AdvancedPipeCall` and `AdvancedFarmCall`
Summary
The decoding order of copyReturnIndex, copyByteIndex and pasteByteIndex for AdvancedPipeCall and AdvancedFarmCall is different for the tractor and for the clipboard and can lead to unexpected results
Relevant GitHub Links:
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/libraries/LibBytes.sol#L155-L172
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/libraries/LibBytes.sol#L179-L206
Vulnerability Details
Looking closely to the functions pasteBytesClipboard and pasteBytesTractor we can see that there is a difference when decoding the copyReturnIndex, copyByteIndex and pasteByteIndex.
As we can see, the function pasteBytesClipboard extract these 3 indexes in the proper order accordingly to the pipeline docs.
However, in the pasteBytesTractor, the copyByteIndex and the copyReturnIndex are swapped. That could lead users to wrongly provide these 2 parameters swapped and get unexpected results in their advanced calls.
Impact
Medium
Tools Used
Manual review
Recommendations
Decode the 3 variables in the same order as the docs and the pasteBytesClipboard does.
Lead Judging Commences
`pasteBytesTractor` doesn't properly assign the `copyByteIndex` in `decode` line
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.