DeFiHardhatFoundry
250,000 USDC
Submission Details
Severity: low
Valid

Permit signatures cannot be cancelled by signers before deadline

Relevant GitHub Links

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/Token/LibTokenPermit.sol#L59

https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/df2dd129a878d16d4adc75049179ac0029d9a96b/protocol/contracts/libraries/Silo/LibSiloPermit.sol#L138

Summary

The permit signatures in LibSiloPermit.sol and LibTokenPermit.sol cannot be cancelled if the signer so wishes.

Vulnerability Details

The permit flows in LibSiloPermit.sol and LibTokenPermit.sol offer the signer the option to create an EIP-712 signature. After producing such a signature, a signer might want to cancel it before its deadline, but has no way to do so: the only thing that invalidates an outstanding permit is consuming the nonce it was signed over, and the function that increments the nonce, _useNonce, is marked internal and is not exposed through any external entry point.

In LibTokenPermit.sol,

// Returns the signer's current token-permit nonce and advances it by one.
// Only reachable through permit verification; there is no caller-facing path.
function _useNonce(address owner) internal returns (uint256 current) {
    AppStorage storage s = LibAppStorage.diamondStorage();
    current = s.accts[owner].tokenPermitNonces;
    ++s.accts[owner].tokenPermitNonces;
}

In LibSiloPermit.sol,

// Same pattern for deposit (Silo) permits: the nonce only moves when a permit is used.
function _useNonce(address owner) internal returns (uint256 current) {
    AppStorage storage s = LibAppStorage.diamondStorage();
    current = s.accts[owner].depositPermitNonces;
    ++s.accts[owner].depositPermitNonces;
}

Similar finding from Cyfrin team.

Impact

Signers cannot cancel their permit signatures before their deadline; a signed permit remains valid and usable by the spender until it expires or is consumed.

Tools Used

Manual Review.

Recommendations

Introduce an external function such as IncreaseNonce that calls _useNonce on behalf of msg.sender, so a signer can consume their current nonce and thereby invalidate every unsubmitted permit signed over it.
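The following is an added illustration of the recommended fix, not Beanstalk code: a minimal EIP-712 permit contract that keeps the same _useNonce shape as the libraries above and adds a signer-callable increaseNonce. The contract name, event name and plain mapping storage are assumptions for the example; Beanstalk itself reads the nonce from diamond storage.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example (not the project's code): a permit with a nonce bump the
/// signer can trigger, so outstanding signatures can be invalidated early.
contract PermitWithCancel {
    bytes32 public constant PERMIT_TYPEHASH = keccak256(
        "Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"
    );
    bytes32 public immutable DOMAIN_SEPARATOR;

    // Assumed storage layout for the example; Beanstalk keeps nonces in AppStorage.
    mapping(address => uint256) public nonces;
    mapping(address => mapping(address => uint256)) public allowance;

    event NonceIncreased(address indexed owner, uint256 newNonce);

    constructor() {
        DOMAIN_SEPARATOR = keccak256(
            abi.encode(
                keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"),
                keccak256("PermitWithCancel"),
                keccak256("1"),
                block.chainid,
                address(this)
            )
        );
    }

    // Same contract as the library's _useNonce: return the current nonce, then advance it.
    function _useNonce(address owner) internal returns (uint256 current) {
        current = nonces[owner];
        ++nonces[owner];
    }

    // The missing entry point: the caller consumes their own current nonce.
    // Every permit signed over the old nonce now fails verification.
    function increaseNonce() external returns (uint256 newNonce) {
        _useNonce(msg.sender);
        newNonce = nonces[msg.sender];
        emit NonceIncreased(msg.sender, newNonce);
    }

    function permit(
        address owner,
        address spender,
        uint256 value,
        uint256 deadline,
        uint8 v,
        bytes32 r,
        bytes32 s
    ) external {
        require(block.timestamp <= deadline, "permit expired");
        // The nonce is bound into the signed struct, so a bumped nonce changes the digest.
        bytes32 structHash = keccak256(
            abi.encode(PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline)
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR, structHash));
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0) && signer == owner, "invalid signature");
        allowance[owner][spender] = value;
    }
}
```

In the diamond setting the same function would live in a facet and call the library's internal _useNonce(msg.sender) for the relevant nonce (tokenPermitNonces or depositPermitNonces). A production contract should also reject high-s signatures (for example via OpenZeppelin's ECDSA library) rather than calling ecrecover directly as this example does for brevity.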

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Permit signatures cannot be cancelled by signers before deadline
