Beanstalk: The Finale

Summary

BeanL1RecieverFacet logic where the maximum allowed number of migrated beans (EXTERNAL_L1_BEANS) is set to zero is a problem. This effectively blocks all L1 to L2 bean migrations, rendering the contract's primary function inoperable.

Vulnerability Details

In the BeanL1RecieverFacet contract, there's a constant defined as follows:

This constant is used in the recieveL1Beans function to check if the total number of migrated beans exceeds the allowed limit:

However, since EXTERNAL_L1_BEANS is set to 0, this check will always fail as soon as any beans are attempted to be migrated (i.e., when s.sys.migration.migratedL1Beans becomes greater than 0). This causes the function to revert for all migration attempts, effectively preventing any L1 to L2 bean transfers.

Impact

Likelihood is high and impact is high. It completely breaks the core logic of the contract, preventing any beans from being migrated from L1 to L2. This could lead to significant disruption in the planned migration process. The contract if deployed the way is is will fail to fulfill its primary purpose of facilitating L1 to L2 bean transfers.

Tools Used

Manual review

Recommendations

Set EXTERNAL_L1_BEANS to the actual maximum number of beans that can be migrated from L1 to L2. This value should be carefully calculated based on the total supply of beans on L1 or any other relevant factors. Alternatively, if there is no fixed limit on the number of beans that can be migrated, consider removing the check entirely or replacing it with a different mechanism to control the migration process. For instance, you could implement a dynamic limit that can be adjusted by admin roles as the case may be.