Incorrect Hardcoded Block Time Assumptions in Beanstalk's LibDibbler
Summary
Beanstalk's LibDibbler library assumes a specific block time of 2 seconds (L2_BLOCK_TIME = 2) for the Layer 2 (L2) network. This assumption affects the temperature calculation in the morningTemperature function. If Beanstalk is deployed on L2 networks with different block times, such as Arbitrum or Optimism, the calculation will be inaccurate.
Vulnerability Details
The morningTemperature function in LibDibbler calculates temperature adjustments based on the assumed block time using the following logic:
Impact
Here, L2_BLOCK_TIME is hardcoded to 2 seconds, while L1_BLOCK_TIME is assumed to be 12 seconds. This calculation aims to adjust the temperature of BEANSTALK according to the elapsed time since the last sunrise block.
However, different L2 networks have different block times, making this calculation inaccurate if deployed on networks like Arbitrum or Optimism.
Deploying Beanstalk on L2 networks with different block times other than 2 seconds will result in the following issues:
The temperature will either be overestimated or underestimated and inaccurate temperature adjustments could disrupt the balance of supply and demand for Soil and Pods, causing economic inefficiencies in Beanstalk.
Tools Used
Manual Review
Recommendations
Instead of hardcoding L2_BLOCK_TIME, use a dynamic method to set the block time based on the deployed L2 network. This can be done during contract deployment or via an initialization function.
Lead Judging Commences
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Appeal created
L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.