Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Slippage protection is missing swapping bean token for sopToken

asefewwexa

Line of code

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/Silo/LibFlood.sol#L299

Summary

There is no slippage when swapping bean for SOP token

Vulnerability Details

In the sopWell function, we are swapping bean for a SOP token which will be distributed to the stalkholders during a season of plenty (flood). The problem arises because there is no slippage control when we swap beans for the SOP token.

uint256 amountOut = IWell(wellDeltaB.well).swapFrom(

C.bean(),

sopToken,

sopBeans,

address(this),

type(uint256).max

here is the interface for IWell

/**

* @notice Swaps from an exact amount of `fromToken` to a minimum amount of `toToken`.

* @param fromToken The token to swap from

* @param toToken The token to swap to

* @param amountIn The amount of `fromToken` to spend

* @param minAmountOut The minimum amount of `toToken` to receive

* @param recipient The address to receive `toToken`

* @param deadline The timestamp after which this operation is invalid

* @return amountOut The amount of `toToken` received

function swapFrom(

IERC20 fromToken,

IERC20 toToken,

uint256 amountIn,

uint256 minAmountOut,

address recipient,

uint256 deadline

) external returns (uint256 amountOut);

as we can see from the snippet above we have set the slippage parameter to 0, this will allow the swap to be sandwiched by a malicious user. Additionally the deadline has been set to uint256 max, this furthers the problem and makes it easier for a sandwich attack to happen/ swapping at an unfavorable price if the transaction pending for a long time and the slippage setting is outdated.

Impact

Because the swapped funds or SOP tokens go directly to stalkholders, the lack of slippage in this critical function will cuase the amount of SOP token that is paid out to the stalkholders to be alot lower than it should, and it some cases almost 0. Loss of funds

Tools Used

manual review

Recommendations

Allow for slippage to be set and do not have such a long deadline to ensure we are swapping beans for SOP tokens at the optimal price.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Lack of slippage in sopWell

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.