Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unbounded loop will cause out of gas and prevent init of ReseedSilo and ReseedBarn

asefewwexa

Line of code

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/beanstalk/init/reseed/L2/ReseedSilo.sol#L77

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/beanstalk/init/reseed/L2/ReseedBarn.sol#L85

Summary

Unbounded loop will cause out of gas and prevent init of ReseedSilo and ReseedBarn

Vulnerability Details

function init(

SiloDeposits calldata beanDeposits,

SiloDeposits calldata beanEthDeposits,

SiloDeposits calldata beanWstEthDeposits,

SiloDeposits calldata bean3CrvDeposits,

SiloDeposits calldata urBeanDeposits,

SiloDeposits calldata urBeanLpDeposits

) external {

// initialize beanDeposits.

reseedSiloDeposit(beanDeposits);

// initialize beanEthDeposits.

reseedSiloDeposit(beanEthDeposits);

// initialize beanWstEthDeposits.

reseedSiloDeposit(beanWstEthDeposits);

// initialize beanStableDeposits.

reseedSiloDeposit(bean3CrvDeposits);

// initialize urBeanDeposits.

reseedSiloDeposit(urBeanDeposits);

// initialize urBeanLpDeposits.

reseedSiloDeposit(urBeanLpDeposits);

}

/**

* @notice reseed the silo deposit for a given token.

* @param siloDeposit The silo deposit data

* @dev all deposits and accounts are mown to the current season.

function reseedSiloDeposit(SiloDeposits calldata siloDeposit) internal {

uint256 totalCalcDeposited;

uint256 totalCalcDepositedBdv;

uint256 stalkIssuedPerBdv = s.sys.silo.assetSettings[siloDeposit.token].stalkIssuedPerBdv;

for (uint256 i; i < siloDeposit.siloDepositsAccount.length; i++) {

the function reseedSiloDeposit needs to loop over all deposit account and if there is too many account, the transaction can run out of gas and block init of ReseedSilo

same issue happens in ReseedBarn init function as well.

Impact

Because of an unbounded loop in a critical function, the user may experience a out of gas error. This error will prevent the reseeding of the silo and completely DOS the protocol main functionality

Tools Used

manual review

Recommendations

Ensure the unbounded loop does not run out of gas. This can be done by reseeding individually each type of deposit. In this way the out of gas error will be less likely.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational/Gas

Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.