Submission Details
Severity: low
Invalid

Lack of Paused State Check in ReseedSun Contract

Summary

The ReseedSun contract is responsible for re-initializing the Sun by resetting various parameters to match the L1 state. However, the current implementation of the init function does not check whether the L1 contracts are paused before it executes. This omission can lead to several potential issues, including inconsistent states between L1 and L2, operational conflicts, data integrity problems, and security vulnerabilities.

Vulnerability Details

Lack of Paused State Check in init Function

The init function in the ReseedSun contract re-initializes the Sun by setting the current season, temperature, average grown stalk per BDV per season, and bean to max LP GP per BDV ratio. However, it does not verify whether the L1 contracts are paused before performing these actions. The relevant code is as follows:

    function init(
        uint32 season,
        uint32 temperature,
        uint128 averageGrownStalkPerBdvPerSeason,
        uint128 beanToMaxLpGpPerBdvRatio
    ) external {
        s.sys.season.current = season;
        s.sys.season.period = PERIOD;
        s.sys.season.timestamp = TIMESTAMP;
        s.sys.weather.temp = temperature;
        s.sys.seedGauge.averageGrownStalkPerBdvPerSeason = averageGrownStalkPerBdvPerSeason;
        emit BeanToMaxLpGpPerBdvRatioChange(
            s.sys.season.current,
            type(uint256).max,
            int80(int128(beanToMaxLpGpPerBdvRatio))
        );
        s.sys.seedGauge.beanToMaxLpGpPerBdvRatio = beanToMaxLpGpPerBdvRatio;
        emit UpdateAverageStalkPerBdvPerSeason(averageGrownStalkPerBdvPerSeason);
        LibCases.setCasesV2();
    }

Impact

Inconsistent State Between L1 and L2:

If the init function is called while L1 contracts are paused, the L2 state could be updated to a new season, temperature, and other parameters while L1 remains in a paused state. This leads to discrepancies and confusion for users interacting with the system.

Operations depending on the state of the system (transactions, migrations, updates) could be performed on L2 while L1 is paused, resulting in operational conflicts and potentially causing errors or unintended behavior.

Tools Used

Manual Review

Recommendations

Implement Paused State Check in init Function

To mitigate the identified risks, it is recommended to implement a check in the init function to verify that the L1 contracts are paused before proceeding with the re-initialization. This can be achieved by adding a condition to check the paused state of the L1 contracts.

By implementing this check, the system ensures that the re-initialization process only occurs when the L1 contracts are paused, maintaining consistency and integrity between L1 and L2 states, and mitigating potential operational conflicts and inconsistent contract state.

    function init(
        uint32 season,
        uint32 temperature,
        uint128 averageGrownStalkPerBdvPerSeason,
        uint128 beanToMaxLpGpPerBdvRatio
    ) external {
        require(s.paused, "L1 contracts must be paused before initializing L2 state");
        s.sys.season.current = season;
        s.sys.season.period = PERIOD;
        s.sys.season.timestamp = TIMESTAMP;
        s.sys.weather.temp = temperature;
        s.sys.seedGauge.averageGrownStalkPerBdvPerSeason = averageGrownStalkPerBdvPerSeason;
        emit BeanToMaxLpGpPerBdvRatioChange(
            s.sys.season.current,
            type(uint256).max,
            int80(int128(beanToMaxLpGpPerBdvRatio))
        );
        s.sys.seedGauge.beanToMaxLpGpPerBdvRatio = beanToMaxLpGpPerBdvRatio;
        emit UpdateAverageStalkPerBdvPerSeason(averageGrownStalkPerBdvPerSeason);
        LibCases.setCasesV2();
    }

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
