Submission Details
Severity: low
Valid

Incorrect event emission parameter in TransferBatch event, should use LibTractor._user() instead of msg.sender

Line of code

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/Silo/LibSilo.sol#L635

Summary

The TransferBatch event emits the wrong address under certain conditions: when the call is executed via a blueprint on behalf of the publisher.

Vulnerability Details

    event TransferBatch(
        address indexed operator,
        address indexed from,
        address indexed to,
        uint256[] ids,
        uint256[] values
    );

The TransferBatch event is emitted, but it does not carry the correct address when a call is executed via a blueprint on behalf of the publisher.

    if (emission == ERC1155Event.EMIT_BATCH_EVENT) {
        emit TransferBatch(msg.sender, account, address(0), removedDepositIDs, amounts);
    }

As shown above, msg.sender is the address emitted in the first parameter (operator). This is not correct in all cases: during blueprint execution a user executes on behalf of a publisher, so using msg.sender as the first parameter of the event is erroneous.

Impact

When executing via blueprint the event will emit the incorrect address.

Tools Used

Manual review

Recommendations

Instead of msg.sender, the code should use LibTractor._user() so that the correct operator address is emitted when the call is executed via a blueprint and the caller acts on behalf of the publisher.
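
A minimal model of the two emission forms, added here as an illustration and not taken from the Beanstalk code base. TractorModel, runBlueprint, activePublisher and the fixedEmission flag are hypothetical, and the body of _user() is an assumed simplification of what LibTractor._user() returns.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: a simplified stand-in for a Tractor-style executor.
// TractorModel, runBlueprint and _removeDeposits are hypothetical names.
contract TractorModel {
    event TransferBatch(
        address indexed operator,
        address indexed from,
        address indexed to,
        uint256[] ids,
        uint256[] values
    );

    // Assumption: the publisher whose blueprint is executing is recorded
    // for the duration of the call; address(0) means "no blueprint active".
    address private activePublisher;

    // Assumed behaviour of LibTractor._user(): the active publisher during
    // blueprint execution, otherwise the direct caller.
    function _user() internal view returns (address) {
        return activePublisher == address(0) ? msg.sender : activePublisher;
    }

    // An operator (msg.sender) executes a call on behalf of `publisher`.
    // Blueprint signature verification is left out of this model.
    function runBlueprint(address publisher, bool fixedEmission) external {
        activePublisher = publisher;
        _removeDeposits(publisher, fixedEmission);
        activePublisher = address(0);
    }

    function _removeDeposits(address account, bool fixedEmission) internal {
        uint256[] memory ids = new uint256[](1);
        uint256[] memory amounts = new uint256[](1);
        ids[0] = 1;        // constructed sample deposit id
        amounts[0] = 100;  // constructed sample amount

        if (fixedEmission) {
            // Recommended form: the operator topic is the publisher.
            emit TransferBatch(_user(), account, address(0), ids, amounts);
        } else {
            // Reported form: the operator topic is whoever relayed the blueprint.
            emit TransferBatch(msg.sender, account, address(0), ids, amounts);
        }
    }
}
```

Calling runBlueprint(publisher, false) from a different account logs that account in the indexed operator topic, while runBlueprint(publisher, true) logs the publisher, which is what an indexer filtering on operator would need.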

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

event TransferBatch doesn't take tractor functionality into account
