Beanstalk: The Finale

Beanstalk

DeFiHardhatFoundry

250,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Excess beans not redistributed leading to potential loss and unfair allocation as the case may be

rhaydden

Summary

When a route's allocated Beans exceed its cap, the excess Beans are not properly redistributed.

Vulnerability Details

In ship function, specifically in the loop that checks for cap exceedance (lines 53-62), the current implementation incorrectly handles the case where a shipment amount exceeds the plan cap:

52: // Iterate though each stream, checking if cap is exceeded.

53: for (uint256 j; j < shipmentAmounts.length; j++) {

54: // If shipment amount exceeds plan cap, adjust plan and totals before recomputing.

55: if (shipmentAmounts[j] > shipmentPlans[j].cap) {

56: shipmentAmounts[j] = shipmentPlans[j].cap;

57: remainingBeansToShip -= shipmentPlans[j].cap;

58: totalPoints -= shipmentPlans[j].points;

59: shipmentPlans[j].points = 0;

60: capExceeded = true;

61: }

62: }

Looking at line 57, remainingBeansToShip -= shipmentPlans[j].cap; subtracts the entire cap from the remaining Beans, instead of just the excess amount. As a result, the difference between the allocated amount and the cap (the excess Beans) is not added back to remainingBeansToShip for redistribution to other routes.

Impact

Excess Beans that should be redistributed to other routes are lost, reducing the total amount of Beans distributed. Also, the routes processed later in the loop may receive fewer Beans than they should, as the excess Beans from earlier routes are not available for redistribution. The intention of distribution of Beans across routes is not achieved which affects the shipment process.

Tools Used

Manual code review

Recommendations

By calculating the excess Beans and subtracting only the excess amount from remainingBeansToShip, the redistribution logic will be corrected.
Modify the cap exceedance check;

for (uint256 j; j < shipmentAmounts.length; j++) {

// If shipment amount exceeds plan cap, adjust plan and totals before recomputing.

if (shipmentAmounts[j] > shipmentPlans[j].cap) {

+ uint256 excessBeans = shipmentAmounts[j] - shipmentPlans[j].cap;

shipmentAmounts[j] = shipmentPlans[j].cap;

- remainingBeansToShip -= shipmentPlans[j].cap;

+ remainingBeansToShip -= excessBeans; // Subtract only the excess Beans

totalPoints -= shipmentPlans[j].points;

shipmentPlans[j].points = 0;

capExceeded = true;

}

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

When a route's allocated Beans exceed its cap, the excess Beans are not properly redistributed.

Prize pool breakdown

Total prize

250,000 USDC

nSLOC

12,285

20 USDC / LOC

High Medium

220,000 USDC

Low

10,000 USDC

Judges

20,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.