Submission Details
Severity: medium
Invalid

Shipment can be DOSed because of a too strict unfertilized index check in receive barn

Line of code

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/LibReceiving.sol#L136

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/LibShipping.sol#L71

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/LibReceiving.sol#L135

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/beanstalk/barn/FertilizerFacet.sol#L79

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/LibFertilizer.sol#L55

Summary

Shipment can be DOSed because of a too strict unfertilized index check in receive barn

Vulnerability Details

In receive barn there is a require statement that checks that fertilizedIndex == unfertilizedIndex.

s.sys.fert.fertilizedIndex == s.sys.fert.unfertilizedIndex

This check will never pass because any user can front-run this and mint to inflate the unfertilizedIndex, therefore causing the original call to revert. This revert will impact the shipment feature and DOS it.

} else if (recipient == ShipmentRecipient.BARN) {
    barnReceive(shipmentAmount, data);

Above, the snippet from the function receiveShipment can be seen to call barnReceive. And as I have shown above, barnReceive has a require statement that can be DOSed by a user front-running. Therefore the receiveShipment call will revert and will be DOSed.

Any user can inflate the unfertilizedIndex by calling mintFertilizer; in the function there is a call to addFertilizer:

uint128 id = LibFertilizer.addFertilizer(
    uint128(s.sys.season.current),
    tokenAmountIn,
    fertilizerAmountOut,
    minLPTokensOut
);

In addFertilizer we can observe this snippet:

s.sys.fert.unfertilizedIndex = s.sys.fert.unfertilizedIndex.add(fertilizerAmount.mul(bpf));

Now we have observed that a user can inflate the unfertilizedIndex in order to DOS Shipment.

Impact

A malicious user can DOS receiveShipment, which is important because it is needed to receive beans to the protocol.

Tools Used

Manual review

Recommendations

Do not make the require statement so strict because it will cause a DOS of the shipment.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
