DeFi, Hardhat, Foundry
250,000 USDC
Submission Details
Severity: low
Valid

LibDibbler uses a constant block time for both L2 and L1, which can change in the future.

Summary

LibDibbler uses a constant block time for both L2 and L1, which can change in the future.

Vulnerability Details

All the calculations in LibDibbler depend on the L1 block time and the L2 block time, which are set to 12 for L1 and 2 for L2. 12 is currently the right value for Ethereum, but look at the following chart:

https://gist.github.com/0xnirlin/c3bea5d2d8af54a612dec36b8de1c672

So the block time is not constant and keeps changing over time.

If this value changes in the future, it will skew the result of the delta calculation:

uint256 delta = block.number.sub(s.sys.season.sunriseBlock).mul(L2_BLOCK_TIME).div(
    L1_BLOCK_TIME
);

This skews the results for the morning temperature and impacts other functions in Field Facet too.

Impact

Medium

Tools Used

Brain

Recommendations

Use setters and getters for these two variables and don't keep them as constants.
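
An added example, not part of the submission or the project's code: a Python model of the delta formula above with Solidity-style floor division, showing how delta drifts when the chain's real block time differs from the hard-coded 2 seconds. The `configured_delta` variant, its millisecond units, and the 1000 ms and 250 ms block times are assumptions chosen for illustration.

```python
L1_BLOCK_TIME = 12  # seconds, constant quoted in the finding
L2_BLOCK_TIME = 2   # seconds, constant quoted in the finding


def hardcoded_delta(blocks_since_sunrise):
    """Mirror of the formula in the finding, using floor division like Solidity."""
    if blocks_since_sunrise < 0:
        raise ValueError("block.number < sunriseBlock: SafeMath sub would revert")
    return blocks_since_sunrise * L2_BLOCK_TIME // L1_BLOCK_TIME


def configured_delta(blocks_since_sunrise, l2_block_ms, l1_block_ms=12_000):
    """Hypothetical variant: block times are parameters (in ms) instead of constants."""
    if l2_block_ms <= 0 or l1_block_ms <= 0:
        raise ValueError("block times must be positive")
    return blocks_since_sunrise * l2_block_ms // l1_block_ms


def skew_report(seconds_since_sunrise, actual_l2_block_ms):
    """Compare both formulas with the L1-equivalent block count for the elapsed time."""
    blocks = seconds_since_sunrise * 1000 // actual_l2_block_ms
    return {
        "l2_blocks": blocks,
        "expected": seconds_since_sunrise // L1_BLOCK_TIME,
        "hardcoded": hardcoded_delta(blocks),
        "configured": configured_delta(blocks, actual_l2_block_ms),
    }


def seconds_until_hardcoded_delta(target_delta, actual_l2_block_ms):
    """Wall-clock seconds until the hard-coded formula first reports target_delta."""
    blocks_needed = -(-target_delta * L1_BLOCK_TIME // L2_BLOCK_TIME)  # ceiling division
    return blocks_needed * actual_l2_block_ms / 1000


if __name__ == "__main__":
    # Constructed scenarios: 5 minutes after sunrise on chains with different block times.
    for block_ms in (2000, 1000, 250):
        print(block_ms, skew_report(300, block_ms), seconds_until_hardcoded_delta(25, block_ms))
```

With a real block time of 2 seconds the hard-coded formula matches the expected value; at shorter block times it advances proportionally faster, while the parameterized variant stays aligned with elapsed time.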

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

L2_BLOCK_TIME hardcoded to 2 seconds is not right for most L2's
