Unsafe casting in `LibMinting.sol:checkForMaxDeltaB` can lead to incorrect accounting of `deltaB`
Relevant GitHub Links
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/libraries/Minting/LibMinting.sol#L20
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/libraries/Minting/LibWellMinting.sol#L56
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/main/protocol/contracts/libraries/Minting/LibWellMinting.sol#L74
Vulnerability Details
The LibMinting.sol:checkForMaxDeltaB unsafely cast the totalSupply() a uint256 number to int256, will lead to arithemetic overflow when the totalSupply() / MAX_DELTA_B_DENOMINATOR) > type(int256).max, this overflow won't revert as it will fail silently because on the unsafe casting.
Since Bean is minting to meet market demand the totalSupply() of bean can go above MAX_DELTA_B_DENOMINATOR * type(int256).max.
Impact
The LibWellMinting.sol:capture function depends on the LibMinting.sol:checkForMaxDeltaB, and the LibWellMinting.sol:capture is used to calculate the DeltaB in a particular well.
Delta B will be incorrectly calculated which can lead to unexpected behavior.
The
LibWellMinting.sol:checkis also affected, there will be errors in calculatingSeasonGettersFacet.sol:poolDeltaBandSeasonGettersFacet.sol:totalDeltaB.
Tools Used
Manual Analysis
Recommendations
set the maximum bean that can be minted to be less than
type(int256).max.Use safeCast in
LibMinting.sol:checkForMaxDeltaB.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.