Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

We have no slippage protection when we need to mint tokens during a Flood

StraawHaat

Summary

In the new version of Beanstalk, one of the changed contracts is LibFlood.sol. The contract handles the logic for managing the flooding mechanism in Beanstalk. One of the main functions is handleRain(), which manages the state of the Beanstalk protocol when it becomes "oversaturated".

The problem is that the function at the end calls sopWell(), which has no slippage protection.

Vulnerability Details

handleRain() function call sopWell():

function sopWell(WellDeltaB memory wellDeltaB) private {

AppStorage storage s = LibAppStorage.diamondStorage();

if (wellDeltaB.deltaB > 0) {

IERC20 sopToken = LibWell.getNonBeanTokenFromWell(wellDeltaB.well);

uint256 sopBeans = uint256(wellDeltaB.deltaB);

C.bean().mint(address(this), sopBeans);

// Approve and Swap Beans for the non-bean token of the SOP well.

C.bean().approve(wellDeltaB.well, sopBeans);

uint256 amountOut = IWell(wellDeltaB.well).swapFrom(

C.bean(),

sopToken,

sopBeans,

address(this),

type(uint256).max

);

rewardSop(wellDeltaB.well, amountOut, address(sopToken));

emit SeasonOfPlentyWell(

s.sys.season.current,

wellDeltaB.well,

address(sopToken),

amountOut

);

}

The sopWell function manages the minting and swapping of Beans during a Season of Plenty, which is triggered when Beanstalk is oversaturated.

We can see how the function calls swapFrom() to swap beans for the non-bean token.

function swapFrom(

IERC20 fromToken,

IERC20 toToken,

uint256 amountIn,

uint256 minAmountOut,

address recipient,

uint256 deadline

) external returns (uint256 amountOut);

But the parameter that is passed for minAmountOut is 0. This means that the function has no slippage protection.

Impact

Without slippage, If the price of the tokens changes significantly during the swap, it could result in a large slippage, causing users to lose a significant amount of funds.

Tools Used

Visual Studio Code

Recommendations

Add slippage protection in the sopWell() function.

Updates

Lead Judging Commences

inallhonesty Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Lack of slippage in sopWell

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.