Submission Details
Severity: low
Invalid

Inadequate Input Validation for Array Lengths

Summary

The convert function in the ConvertFacet contract lacks input validation for the lengths of the stems and amounts arrays, which could lead to out-of-bounds errors and unexpected behavior.

Vulnerability Details

The function accepts two arrays, stems and amounts, intended to correspond to each other. However, the contract does not verify that these arrays have the same length or that their indices are within bounds relative to each other. This could lead to accessing elements outside the bounds of the arrays, resulting in undefined behavior or incorrect logic execution.
https://github.com/Cyfrin/2024-05-beanstalk-the-finale/blob/4e0ad0b964f74a1b4880114f4dd5b339bc69cd3e/protocol/contracts/beanstalk/silo/ConvertFacet.sol#L55-L105

Impact

If the lengths of the arrays are not validated, it can lead to out-of-bounds errors during array operations, causing unexpected behavior or contract failures.

Tools Used

Manual Code Review

Recommendations

Add input validation to ensure the lengths of the stems and amounts arrays are equal before proceeding with further operations:

require(stems.length == amounts.length, "Convert: Mismatched stems and amounts");
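
The sketch below is an added example, not code from the submission or from Beanstalk's ConvertFacet. It shows how a length mismatch behaves under Solidity 0.8 with and without the recommended check. The contract name, function names, custom error and element types are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only; NOT Beanstalk's ConvertFacet.
/// All names and the element types (int96, uint256) are hypothetical.
contract ArrayLengthDemo {
    error LengthMismatch(uint256 stemsLength, uint256 amountsLength);

    /// No length check; the loop is bounded by stems.length.
    /// - amounts shorter than stems: amounts[i] reverts with Panic(0x32),
    ///   because Solidity 0.8 bounds-checks every array index.
    /// - amounts longer than stems: the trailing amounts are never read,
    ///   so the call succeeds and the extra input is silently ignored.
    function sumUnchecked(int96[] calldata stems, uint256[] calldata amounts)
        external
        pure
        returns (uint256 total)
    {
        for (uint256 i = 0; i < stems.length; i++) {
            total += amounts[i];
        }
    }

    /// Same loop with the length check performed first, so both mismatch
    /// directions fail early with a descriptive error instead of a bare
    /// panic or a silently truncated result.
    function sumChecked(int96[] calldata stems, uint256[] calldata amounts)
        external
        pure
        returns (uint256 total)
    {
        if (stems.length != amounts.length) {
            revert LengthMismatch(stems.length, amounts.length);
        }
        for (uint256 i = 0; i < stems.length; i++) {
            total += amounts[i];
        }
    }
}
```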

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
