Submission Details
Severity:
Mismatch of relevant cases when adjusting the amount of available Soil
Summary
During Sunrise, Beanstalk adjusts the amount of available Soil. The Soil supply is based on the number of Pods that ripen and become harvestable at the beginning of the Season, the Temperature, and the Beanstalk debt level. When P > 1 and the Pod Rate is high, Beanstalk issues less Soil. When P > 1 and the Pod Rate is low, Beanstalk issues more Soil. However, there are missing cases and not all the cases taken into account meet this criteria, which results in an inaccurate calculation.
Vulnerability Details
The contracts/beanstalk/sun/SeasonFacet/Sun::stepSun function take the precalculated deltaB and caseId to update the Soil issuance. When above peg (deltaB > 0), Sun:setSoilAbovePeg function is used to determine and update the soil in the system.
function setSoilAbovePeg(uint256 newHarvestable, uint256 caseId) internal {
uint256 newSoil = newHarvestable.mul(100).div(100 + s.sys.weather.temp);
if (caseId.mod(36) >= 24) { //<@ FINDING
newSoil = newSoil.mul(SOIL_COEFFICIENT_HIGH).div(C.PRECISION); // high podrate
} else if (caseId.mod(36) < 8) { //<@ FINDING
newSoil = newSoil.mul(SOIL_COEFFICIENT_LOW).div(C.PRECISION); // low podrate
}
setSoil(newSoil);
}
On the other hand, the contracts/libraries/LibCases.sol contract handles the cases for Beanstalk.
The parameters that are taken into account to calculate the different cases are:
the Liquidity to Supply Ratio (L2SR) level (extremely low, reasonably low, reasonably high, extremely high)
the debt level or Pod Rate level (excessively low, reasonably low, reasonably high, excessively high)
the peg state (P < 1, P > 1, P > Q)
the Soil demand behavior (decreasing, steady, increasing).
The LibCases::setCasesV2 function sets the s.sys.casesV2 system variable that stores the 144 cases resulting from the combination of the above parameters.
Given the structure of the elements contained in s.sys.casesV2, it is possible to see that the order of the cases is as indicated in the following table:
Table 1. Description of the 144 possible cases for the Beanstalk status, including their Id number and the corresponding line number in the LibCases::setCasesV2 function.
| Id | Cases | Line number |
|---|---|---|
| /////////////////////// Exremely Low L2SR /////////////////////// | 118 | |
| 0 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Decreasing" | 119 |
| 1 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Steady" | 120 |
| 2 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Increasing" | 121 |
| 3 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Decreasing" | 122 |
| 4 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Steady" | 123 |
| 5 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Increasing" | 124 |
| 6 | "Extremely Low L2SR + Excessively Low Debt + P > Q + Soil demand Decreasing" | 125 |
| 7 | "Extremely Low L2SR + Excessively Low Debt + P > Q + Soil demand Steady" | 126 |
| 8 | "Extremely Low L2SR + Excessively Low Debt + P > Q + Soil demand Increasing" | 127 |
| 9 | "Extremely Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Decreasing" | 128 |
| 10 | "Extremely Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Steady" | 129 |
| 11 | "Extremely Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Increasing" | 130 |
| 12 | "Extremely Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Decreasing" | 131 |
| 13 | "Extremely Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Steady" | 132 |
| 14 | "Extremely Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Increasing" | 133 |
| 15 | "Extremely Low L2SR + Reasonably Low Debt + P > Q + Soil demand Decreasing" | 134 |
| 16 | "Extremely Low L2SR + Reasonably Low Debt + P > Q + Soil demand Steady" | 135 |
| 17 | "Extremely Low L2SR + Reasonably Low Debt + P > Q + Soil demand Increasing" | 136 |
| 18 | "Extremely Low L2SR + Reasonably High Debt + P < 1 + Soil demand Decreasing" | 137 |
| 19 | "Extremely Low L2SR + Reasonably High Debt + P < 1 + Soil demand Steady" | 138 |
| 20 | "Extremely Low L2SR + Reasonably High Debt + P < 1 + Soil demand Increasing" | 139 |
| 21 | "Extremely Low L2SR + Reasonably High Debt + P > 1 + Soil demand Decreasing" | 140 |
| 22 | "Extremely Low L2SR + Reasonably High Debt + P > 1 + Soil demand Steady" | 141 |
| 23 | "Extremely Low L2SR + Reasonably High Debt + P > 1 + Soil demand Increasing" | 142 |
| 24 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Decreasing" | 143 |
| 25 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Steady" | 144 |
| 26 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Increasing" | 145 |
| 27 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Decreasing" | 146 |
| 28 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Steady" | 147 |
| 29 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Increasing" | 148 |
| 30 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Decreasing" | 149 |
| 31 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Steady" | 150 |
| 32 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Increasing" | 151 |
| 33 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Decreasing" | 152 |
| 34 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Steady" | 153 |
| 35 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Increasing" | 154 |
| /////////////////////// Reasonably Low L2SR /////////////////////// | 155 | |
| 36 | "Reasonably Low L2SR + Excessively Low Debt + P < 1 + Soil demand Decreasing" | 156 |
| 37 | "Reasonably Low L2SR + Excessively Low Debt + P < 1 + Soil demand Steady" | 157 |
| 38 | "Reasonably Low L2SR + Excessively Low Debt + P < 1 + Soil demand Increasing" | 158 |
| 39 | "Reasonably Low L2SR + Excessively Low Debt + P > 1 + Soil demand Decreasing" | 159 |
| 40 | "Reasonably Low L2SR + Excessively Low Debt + P > 1 + Soil demand Steady" | 160 |
| 41 | "Reasonably Low L2SR + Excessively Low Debt + P > 1 + Soil demand Increasing" | 161 |
| 42 | "Reasonably Low L2SR + Excessively Low Debt + P > Q + Soil demand Decreasing" | 162 |
| 43 | "Reasonably Low L2SR + Excessively Low Debt + P > Q + Soil demand Steady" | 163 |
| 44 | "Reasonably Low L2SR + Excessively Low Debt + P > Q + Soil demand Increasing" | 164 |
| 45 | "Reasonably Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Decreasing" | 165 |
| 46 | "Reasonably Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Steady" | 166 |
| 47 | "Reasonably Low L2SR + Reasonably Low Debt + P < 1 + Soil demand Increasing" | 167 |
| 48 | "Reasonably Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Decreasing" | 168 |
| 49 | "Reasonably Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Steady" | 169 |
| 50 | "Reasonably Low L2SR + Reasonably Low Debt + P > 1 + Soil demand Increasing" | 170 |
| 51 | "Reasonably Low L2SR + Reasonably Low Debt + P > Q + Soil demand Decreasing" | 171 |
| 52 | "Reasonably Low L2SR + Reasonably Low Debt + P > Q + Soil demand Steady" | 172 |
| 53 | "Reasonably Low L2SR + Reasonably Low Debt + P > Q + Soil demand Increasing" | 173 |
| 54 | "Reasonably Low L2SR + Reasonably High Debt + P < 1 + Soil demand Decreasing" | 174 |
| 55 | "Reasonably Low L2SR + Reasonably High Debt + P < 1 + Soil demand Steady" | 175 |
| 56 | "Reasonably Low L2SR + Reasonably High Debt + P < 1 + Soil demand Increasing" | 176 |
| 57 | "Reasonably Low L2SR + Reasonably High Debt + P > 1 + Soil demand Decreasing" | 177 |
| 58 | "Reasonably Low L2SR + Reasonably High Debt + P > 1 + Soil demand Steady" | 178 |
| 59 | "Reasonably Low L2SR + Reasonably High Debt + P > 1 + Soil demand Increasing" | 179 |
| 60 | "Reasonably Low L2SR + Reasonably High Debt + P > Q + Soil demand Decreasing" | 180 |
| 61 | "Reasonably Low L2SR + Reasonably High Debt + P > Q + Soil demand Steady" | 181 |
| 62 | "Reasonably Low L2SR + Reasonably High Debt + P > Q + Soil demand Increasing" | 182 |
| 63 | "Reasonably Low L2SR + Excessively High Debt + P < 1 + Soil demand Decreasing" | 183 |
| 64 | "Reasonably Low L2SR + Excessively High Debt + P < 1 + Soil demand Steady" | 184 |
| 65 | "Reasonably Low L2SR + Excessively High Debt + P < 1 + Soil demand Increasing" | 185 |
| 66 | "Reasonably Low L2SR + Excessively High Debt + P > 1 + Soil demand Decreasing" | 186 |
| 67 | "Reasonably Low L2SR + Excessively High Debt + P > 1 + Soil demand Steady" | 187 |
| 68 | "Reasonably Low L2SR + Excessively High Debt + P > 1 + Soil demand Increasing" | 188 |
| 69 | "Reasonably Low L2SR + Excessively High Debt + P > Q + Soil demand Decreasing" | 189 |
| 70 | "Reasonably Low L2SR + Excessively High Debt + P > Q + Soil demand Steady" | 190 |
| 71 | "Reasonably Low L2SR + Excessively High Debt + P > Q + Soil demand Increasing" | 191 |
| /////////////////////// Reasonably High L2SR /////////////////////// | 192 | |
| 72 | "Reasonably High L2SR + Excessively Low Debt + P < 1 + Soil demand Decreasing" | 193 |
| 73 | "Reasonably High L2SR + Excessively Low Debt + P < 1 + Soil demand Steady" | 194 |
| 74 | "Reasonably High L2SR + Excessively Low Debt + P < 1 + Soil demand Increasing" | 195 |
| 75 | "Reasonably High L2SR + Excessively Low Debt + P > 1 + Soil demand Decreasing" | 196 |
| 76 | "Reasonably High L2SR + Excessively Low Debt + P > 1 + Soil demand Steady" | 197 |
| 77 | "Reasonably High L2SR + Excessively Low Debt + P > 1 + Soil demand Increasing" | 198 |
| 78 | "Reasonably High L2SR + Excessively Low Debt + P > Q + Soil demand Decreasing" | 199 |
| 79 | "Reasonably High L2SR + Excessively Low Debt + P > Q + Soil demand Steady" | 200 |
| 80 | "Reasonably High L2SR + Excessively Low Debt + P > Q + Soil demand Increasing" | 201 |
| 81 | "Reasonably High L2SR + Reasonably Low Debt + P < 1 + Soil demand Decreasing" | 202 |
| 82 | "Reasonably High L2SR + Reasonably Low Debt + P < 1 + Soil demand Steady" | 203 |
| 83 | "Reasonably High L2SR + Reasonably Low Debt + P < 1 + Soil demand Increasing" | 204 |
| 84 | "Reasonably High L2SR + Reasonably Low Debt + P > 1 + Soil demand Decreasing" | 205 |
| 85 | "Reasonably High L2SR + Reasonably Low Debt + P > 1 + Soil demand Steady" | 206 |
| 86 | "Reasonably High L2SR + Reasonably Low Debt + P > 1 + Soil demand Increasing" | 207 |
| 87 | "Reasonably High L2SR + Reasonably Low Debt + P > Q + Soil demand Decreasing" | 208 |
| 88 | "Reasonably High L2SR + Reasonably Low Debt + P > Q + Soil demand Steady" | 209 |
| 89 | "Reasonably High L2SR + Reasonably Low Debt + P > Q + Soil demand Increasing" | 210 |
| 90 | "Reasonably High L2SR + Reasonably High Debt + P < 1 + Soil demand Decreasing" | 211 |
| 91 | "Reasonably High L2SR + Reasonably High Debt + P < 1 + Soil demand Steady" | 212 |
| 92 | "Reasonably High L2SR + Reasonably High Debt + P < 1 + Soil demand Increasing" | 213 |
| 93 | "Reasonably High L2SR + Reasonably High Debt + P > 1 + Soil demand Decreasing" | 214 |
| 94 | "Reasonably High L2SR + Reasonably High Debt + P > 1 + Soil demand Steady" | 215 |
| 95 | "Reasonably High L2SR + Reasonably High Debt + P > 1 + Soil demand Increasing" | 216 |
| 96 | "Reasonably High L2SR + Reasonably High Debt + P > Q + Soil demand Decreasing" | 217 |
| 97 | "Reasonably High L2SR + Reasonably High Debt + P > Q + Soil demand Steady" | 218 |
| 98 | "Reasonably High L2SR + Reasonably High Debt + P > Q + Soil demand Increasing" | 219 |
| 99 | "Reasonably High L2SR + Excessively High Debt + P < 1 + Soil demand Decreasing" | 220 |
| 100 | "Reasonably High L2SR + Excessively High Debt + P < 1 + Soil demand Steady" | 221 |
| 101 | "Reasonably High L2SR + Excessively High Debt + P < 1 + Soil demand Increasing" | 222 |
| 102 | "Reasonably High L2SR + Excessively High Debt + P > 1 + Soil demand Decreasing" | 223 |
| 103 | "Reasonably High L2SR + Excessively High Debt + P > 1 + Soil demand Steady" | 224 |
| 104 | "Reasonably High L2SR + Excessively High Debt + P > 1 + Soil demand Increasing" | 225 |
| 105 | "Reasonably High L2SR + Excessively High Debt + P > Q + Soil demand Decreasing" | 226 |
| 106 | "Reasonably High L2SR + Excessively High Debt + P > Q + Soil demand Steady" | 227 |
| 107 | "Reasonably High L2SR + Excessively High Debt + P > Q + Soil demand Increasing" | 228 |
| /////////////////////// Extremely High L2SR /////////////////////// | 229 | |
| 108 | "Extremely High L2SR + Excessively Low Debt + P < 1 + Soil demand Decreasing" | 230 |
| 109 | "Extremely High L2SR + Excessively Low Debt + P < 1 + Soil demand Steady" | 231 |
| 110 | "Extremely High L2SR + Excessively Low Debt + P < 1 + Soil demand Increasing" | 232 |
| 111 | "Extremely High L2SR + Excessively Low Debt + P > 1 + Soil demand Decreasing" | 233 |
| 112 | "Extremely High L2SR + Excessively Low Debt + P > 1 + Soil demand Steady" | 234 |
| 113 | "Extremely High L2SR + Excessively Low Debt + P > 1 + Soil demand Increasing" | 235 |
| 114 | "Extremely High L2SR + Excessively Low Debt + P > Q + Soil demand Decreasing" | 236 |
| 115 | "Extremely High L2SR + Excessively Low Debt + P > Q + Soil demand Steady" | 237 |
| 116 | "Extremely High L2SR + Excessively Low Debt + P > Q + Soil demand Increasing" | 238 |
| 117 | "Extremely High L2SR + Reasonably Low Debt + P < 1 + Soil demand Decreasing" | 239 |
| 118 | "Extremely High L2SR + Reasonably Low Debt + P < 1 + Soil demand Steady" | 240 |
| 119 | "Extremely High L2SR + Reasonably Low Debt + P < 1 + Soil demand Increasing" | 241 |
| 120 | "Extremely High L2SR + Reasonably Low Debt + P > 1 + Soil demand Decreasing" | 242 |
| 121 | "Extremely High L2SR + Reasonably Low Debt + P > 1 + Soil demand Steady" | 243 |
| 122 | "Extremely High L2SR + Reasonably Low Debt + P > 1 + Soil demand Increasing" | 244 |
| 123 | "Extremely High L2SR + Reasonably Low Debt + P > Q + Soil demand Decreasing" | 245 |
| 124 | "Extremely High L2SR + Reasonably Low Debt + P > Q + Soil demand Steady" | 246 |
| 125 | "Extremely High L2SR + Reasonably Low Debt + P > Q + Soil demand Increasing" | 247 |
| 126 | "Extremely High L2SR + Reasonably High Debt + P < 1 + Soil demand Decreasing" | 248 |
| 127 | "Extremely High L2SR + Reasonably High Debt + P < 1 + Soil demand Steady" | 249 |
| 128 | "Extremely High L2SR + Reasonably High Debt + P < 1 + Soil demand Increasing" | 250 |
| 129 | "Extremely High L2SR + Reasonably High Debt + P > 1 + Soil demand Decreasing" | 251 |
| 130 | "Extremely High L2SR + Reasonably High Debt + P > 1 + Soil demand Steady" | 252 |
| 131 | "Extremely High L2SR + Reasonably High Debt + P > 1 + Soil demand Increasing" | 253 |
| 132 | "Extremely High L2SR + Reasonably High Debt + P > Q + Soil demand Decreasing" | 254 |
| 133 | "Extremely High L2SR + Reasonably High Debt + P > Q + Soil demand Steady" | 255 |
| 134 | "Extremely High L2SR + Reasonably High Debt + P > Q + Soil demand Increasing" | 256 |
| 135 | "Extremely High L2SR + Excessively High Debt + P < 1 + Soil demand Decreasing" | 257 |
| 136 | "Extremely High L2SR + Excessively High Debt + P < 1 + Soil demand Steady" | 258 |
| 137 | "Extremely High L2SR + Excessively High Debt + P < 1 + Soil demand Increasing" | 259 |
| 138 | "Extremely High L2SR + Excessively High Debt + P > 1 + Soil demand Decreasing" | 260 |
| 139 | "Extremely High L2SR + Excessively High Debt + P > 1 + Soil demand Steady" | 261 |
| 140 | "Extremely High L2SR + Excessively High Debt + P > 1 + Soil demand Increasing" | 262 |
| 141 | "Extremely High L2SR + Excessively High Debt + P > Q + Soil demand Decreasing" | 263 |
| 142 | "Extremely High L2SR + Excessively High Debt + P > Q + Soil demand Steady" | 264 |
| 143 | "Extremely High L2SR + Excessively High Debt + P > Q + Soil demand Increasing" | 265 |
Comparing the descriptions contained in Table 1 with the cases taken into account in the Sun:setSoilAbovePeg function, it is easy to see that several cases do not match the desired criteria, but are included anyway.
For example, the first 12 cases that meet caseId.mod(36) >= 24 are
| Id | Cases | Line number |
|---|---|---|
| 24 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Decreasing" | 143 |
| 25 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Steady" | 144 |
| 26 | "Extremely Low L2SR + Reasonably High Debt + P > Q + Soil demand Increasing" | 145 |
| 27 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Decreasing" | 146 |
| 28 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Steady" | 147 |
| 29 | "Extremely Low L2SR + Excessively High Debt + P < 1 + Soil demand Increasing" | 148 |
| 30 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Decreasing" | 149 |
| 31 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Steady" | 150 |
| 32 | "Extremely Low L2SR + Excessively High Debt + P > 1 + Soil demand Increasing" | 151 |
| 33 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Decreasing" | 152 |
| 34 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Steady" | 153 |
| 35 | "Extremely Low L2SR + Excessively High Debt + P > Q + Soil demand Increasing" | 154 |
However, according to the whitepaper, only cases where there is excessively high debt and P > 1 at the same time should be taken into account.
The first 8 cases that meet caseId.mod(36) < 8 are
| Id | Cases | Line number |
|---|---|---|
| 0 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Decreasing" | 119 |
| 1 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Steady" | 120 |
| 2 | "Extremely Low L2SR + Excessively Low Debt + P < 1 + Soil demand Increasing" | 121 |
| 3 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Decreasing" | 122 |
| 4 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Steady" | 123 |
| 5 | "Extremely Low L2SR + Excessively Low Debt + P > 1 + Soil demand Increasing" | 124 |
| 6 | "Extremely Low L2SR + Excessively Low Debt + P > Q + Soil demand Decreasing" | 125 |
| 7 | "Extremely Low L2SR + Excessively Low Debt + P > Q + Soil demand Steady" | 126 |
Nevertheless, according to the whitepaper, cases where there is excessively low debt and P > 1 at the same time should be taken into account. In this example, the caseId 8 should be included too.
Impact
Impact: Medium
Additional undesirable cases are included in the Soil issuance calculation.
Most of the relevant cases have already been taken into account.
Likelihood: Medium
The inconsistencies found directly affect the Soil issuance calculation only when P > 1.
Tools Used
Manual Review
Recommended Mitigation
According to the whitepaper, a proper implementation of the Sun:setSoilAbovePeg function is
function setSoilAbovePeg(uint256 newHarvestable, uint256 caseId) internal {
uint256 newSoil = newHarvestable.mul(100).div(100 + s.sys.weather.temp);
- if (caseId.mod(36) >= 24) {
+ if (caseId.mod(36) >= 30) {
newSoil = newSoil.mul(SOIL_COEFFICIENT_HIGH).div(C.PRECISION); // high podrate
- } else if (caseId.mod(36) < 8) {
+ } else if (caseId.mod(36) <= 8) {
newSoil = newSoil.mul(SOIL_COEFFICIENT_LOW).div(C.PRECISION); // low podrate
}
setSoil(newSoil);
}
Prize pool breakdown
Total prize
250,000 USDC
nSLOC
12,28520 USDC / LOC
220,000 USDC
10,000 USDC
20,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.