Submission Details
Severity:
`BeanL1RecieverFacet.recieveL1Beans()` will revert forever.
Github link
Summary
It's impossible to migrate beans to L2 as recieveL1Beans() reverts.
Vulnerability Details
During the migration to L2, recieveL1Beans() validates the total migrated beans.
contract BeanL1RecieverFacet is ReentrancyGuard {
uint256 constant EXTERNAL_L1_BEANS = 0; //@audit wrong constant
function recieveL1Beans(address reciever, uint256 amount) external nonReentrant {
// verify msg.sender is the cross-chain messenger address, and
// the xDomainMessageSender is the L1 Beanstalk contract.
require(
msg.sender == address(BRIDGE) &&
IL2Messenger(BRIDGE).xDomainMessageSender() == L1BEANSTALK
);
s.sys.migration.migratedL1Beans += amount;
require(
EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, //@audit revert
"L2Migration: exceeds maximum migrated"
);
C.bean().mint(reciever, amount);
}
But it will continue reverting with 0 EXTERNAL_L1_BEANS.
Impact
The migration to L2 won't be processed properly.
Tools Used
Manual Review
Recommendations
We should set a proper EXTERNAL_L1_BEANS before the migration.
Updates
Lead Judging Commences
inallhonesty 11 months ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");
Appeal created
inallhonesty 11 months ago
Submission Judgement Published Assigned finding tags:
`EXTERNAL_L1_BEANS` defined with `0` will fail require(EXTERNAL_L1_BEANS >= s.sys.migration.migratedL1Beans, "L2Migration: exceeds maximum migrated");
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.