Beanstalk: The Finale

Summary

The BeanL1ReceiverFacet contract currently has the constant EXTERNAL_L1_BEANS set to 0, which effectively prevents any beans from being migrated from L1 to L2. This configuration causes all migration attempts to fail, rendering the migration functionality unusable.
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/4e0ad0b964f74a1b4880114f4dd5b339bc69cd3e/protocol/contracts/beanstalk/migration/BeanL1RecieverFacet.sol#L39-L42

Vulnerability Details

The constant EXTERNAL_L1_BEANS is defined as:

This constant is used in a require statement within the receiveL1Beans function:

Since EXTERNAL_L1_BEANS is set to 0, any attempt to migrate beans will result in a failure of this require check, as s.sys.migration.migratedL1Beans will always be greater than 0 after the first migration attempt.

Impact

This vulnerability has a high severity because it prevents the contract from fulfilling its primary function of migrating beans from L1 to L2. As a result:

• No beans can be migrated from L1 to L2.

• Users will be unable to complete their migrations, potentially causing significant disruptions.

• The contract fails to operate as intended, undermining user trust and contract utility.

Tools Used

Manual Code Review

Recommendations

1. Set a Valid Limit for Migrated Beans: Update the value of EXTERNAL_L1_BEANS to a non-zero value that represents the maximum number of beans you intend to allow for migration. For example:

1. Consider Dynamic Configuration: Allow the maximum migration limit to be configurable by contract administrators. This can be done by replacing the constant with a state variable:

Update the require statement accordingly: