DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: medium
Invalid

`ship` in `LibShipping.sol` could be DoS'd because fields can only be added and can't be removed

Summary

`ship` in `LibShipping.sol` could be DoS'd because fields can only be added and can't be removed.

Vulnerability Details

`setRoutes_siloAndBarnAndFields` in `ShipmentDeployer.sol` is as follows:

```solidity
uint256 fieldCount = IBS(BEANSTALK).fieldCount();
IBS.ShipmentRoute[] memory shipmentRoutes = new IBS.ShipmentRoute[](2 + fieldCount);
```

We can see that `shipmentRoutes.length = 2 + fieldCount`.
`ship` in `LibShipping.sol` calls `getShipmentPlans`. `getShipmentPlans` will loop `2 + fieldCount` times.
`ship` in `LibShipping.sol` calls `getBeansFromPoints`. `getBeansFromPoints` has one `for` loop.
And `ship` in `LibShipping.sol` itself includes three `for` loops.
In conclusion, `ship` will loop many times.
In `FieldFacet.sol`:

```solidity
/**
 * @dev It is not possible to remove a Field, but a Field's Plan can be nullified.
 */
function addField() public fundsSafu noSupplyChange noNetFlow { }
```

So fields can only be added. As the field count increases, `ship` could be DoS'd because of so many loops. The gas cost can also be huge.

Impact

Can't ship in some cases.

Tools Used

Manual

Recommendations

Restrict the number of fields.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
