Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Orderers will lose their Beans after migration to L2

T1MOH

Summary

Current version of Beanstalk deployed on Mainnet has following logic of order creation in Market:

Order on Market means that order creator wants to buy Pod for Beans. During creation Market transfers Beans from orderer to Beanstalk. Problem is that those transferred Beans are not reflected on User's internal balance.

It means after migration these Beans won't be returned because it is not internal balance.

Vulnerability Details

Here you can see that Market transfers Beans from user via function LibTransfer.receiveToken():
https://github.com/BeanstalkFarms/Beanstalk/pull/909/files#diff-38bfddf2eaaa5a2f714bcff17d7bef97c83eed773fb2a0e51c6e327eee98b839L113-L133

As you can see these Beans are not reflected in internal balance:

function receiveToken(

IERC20 token,

uint256 amount,

address sender,

From mode

) internal returns (uint256 receivedAmount) {

if (amount == 0) return 0;

if (mode != From.EXTERNAL) {

receivedAmount = LibBalance.decreaseInternalBalance(

sender,

token,

amount,

mode != From.INTERNAL

);

if (amount == receivedAmount || mode == From.INTERNAL_TOLERANT) return receivedAmount;

}

uint256 beforeBalance = token.balanceOf(address(this));

token.safeTransferFrom(sender, address(this), amount - receivedAmount);

return receivedAmount.add(token.balanceOf(address(this)).sub(beforeBalance));

}

So it means Users will lose those Beans during migration because it won't be refunded via contract ReseedInternalBalances.sol

Impact

Users who have open orders on Market during migration will lose their Beans submitted during order creation.

Tools Used

Manual Review

Recommendations

Migrate orderers' Beans submitted to Beanstalk.

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Orderers will lose their Beans after migration to L2

Appeal created

T1MOH Submitter

11 months ago

inallhonesty Lead Judge

11 months ago

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Orderers will lose their Beans after migration to L2

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.