Beanstalk: The Finale
Beanstalk
DeFiHardhatFoundry
250,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

`ReseedL2Migration::init()` can be frontrun due to no access control at the time of migration.

0x11singh99

Vulnerability Details

Since init function doesn't have any access control but it is one time usable. It will be called through proxy contract. But it still can be frontrun due to absence of access control on it. Since it is updating critical storage values so at the time of migration attacker can call through proxy contract using delegatecall also and set his own values by frontrunning the transaction.

File : contracts/beanstalk/init/reseed/L1/ReseedL2Migration.sol
27: function init() external {
28: // Pause beanstalk, preventing future sunrises.
29: s.paused = true;
30: s.pausedAt = uint128(block.timestamp);
31: emit Pause(block.timestamp);

ReseedL2Migration.sol#L27-L31

Impact

At the time of migration attacker can set his own storage values by frontrunning the transaction.

Tools Used

Manual Review

Recommendation

Use some type of access control on init function like setting the owner address in immutable var. at the time of deployment of implementation contract. So that only owner can call this function through proxy using delegatecall.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

Quality

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.