The receiveShipment function in the LibReceiving library does not explicitly handle invalid ShipmentRecipient enum values, potentially leading to unintended behavior.
The receiveShipment function is responsible for routing shipments to the correct recipient based on the ShipmentRecipient enum value. However, if an invalid enum value is provided, none of the conditional checks will pass, and the function will exit without performing any action. This scenario is not explicitly handled, which could result in shipments being silently dropped.
The lack of explicit handling for invalid enum values can lead to shipments not being processed. This can result in lost assets or data inconsistencies, particularly if the function is called with unverified or user-provided data. The severity of this vulnerability is Medium, as it could affect the functionality and reliability of the contract.
Manual code review
To mitigate this vulnerability, add an explicit check for invalid enum values. This can be done by including an else clause that reverts the transaction if the recipient is not a recognized enum value. Here is an example implementation:

```solidity
function receiveShipment(
    ShipmentRecipient recipient,
    uint256 shipmentAmount,
    bytes memory data
) internal {
    if (recipient == ShipmentRecipient.SILO) {
        siloReceive(shipmentAmount, data);
    } else if (recipient == ShipmentRecipient.FIELD) {
        fieldReceive(shipmentAmount, data);
    } else if (recipient == ShipmentRecipient.BARN) {
        barnReceive(shipmentAmount, data);
    } else {
        revert("Invalid ShipmentRecipient value");
    }
}
```
A minimal version of the LibReceiving library and the ShipmentRecipient enum:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

library LibReceiving {
    enum ShipmentRecipient { SILO, FIELD, BARN }

    function siloReceive(uint256 shipmentAmount, bytes memory data) internal {
        // Implementation for receiving in silo
    }

    function fieldReceive(uint256 shipmentAmount, bytes memory data) internal {
        // Implementation for receiving in field
    }

    function barnReceive(uint256 shipmentAmount, bytes memory data) internal {
        // Implementation for receiving in barn
    }

    function receiveShipment(
        ShipmentRecipient recipient,
        uint256 shipmentAmount,
        bytes memory data
    ) internal {
        if (recipient == ShipmentRecipient.SILO) {
            siloReceive(shipmentAmount, data);
        } else if (recipient == ShipmentRecipient.FIELD) {
            fieldReceive(shipmentAmount, data);
        } else if (recipient == ShipmentRecipient.BARN) {
            barnReceive(shipmentAmount, data);
        }
        // Missing else case for handling invalid enum values
    }
}
```
A contract that uses the LibReceiving library and demonstrates the issue by passing an invalid enum value:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

import "./LibReceiving.sol";

contract InvalidEnumPoC {
    using LibReceiving for LibReceiving.ShipmentRecipient;

    event ReceivedShipment(LibReceiving.ShipmentRecipient recipient, uint256 amount, bytes data);
    event FallbackCalled();

    function receiveValidShipment() external {
        LibReceiving.receiveShipment(LibReceiving.ShipmentRecipient.SILO, 1000, "Valid shipment");
    }

    function receiveInvalidShipment() external {
        // Casting an invalid integer to the ShipmentRecipient enum
        uint256 invalidRecipientValue = 999; // An invalid enum value
        LibReceiving.ShipmentRecipient invalidRecipient = LibReceiving.ShipmentRecipient(invalidRecipientValue);
        // Attempting to receive shipment with an invalid recipient
        LibReceiving.receiveShipment(invalidRecipient, 1000, "Invalid shipment");
    }
}
```
Expected Outcome
Valid Shipment: The receiveValidShipment function will successfully process the shipment and may emit events or perform actions as defined in the siloReceive function.
Invalid Shipment: The receiveInvalidShipment function will not process the shipment, and no actions will be taken. This silent failure demonstrates the vulnerability due to the lack of handling for invalid enum values.
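As an added check that is not part of this submission, the following Foundry test (assumes forge-std; the ShipmentRouter contract and its fourth enum member MARKET are constructed for the example) exercises both paths. On Solidity 0.8 the out-of-range cast in the PoC reverts with Panic(0x21) before the dispatcher runs, so the value 999 cannot be silently dropped; the case the recommended else clause does catch is an in-range member that no branch routes, which arises when the enum is extended without updating receiveShipment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import "forge-std/Test.sol";

// Constructed for this example: the enum has grown a fourth member (MARKET),
// but the dispatcher was never updated to route it.
contract ShipmentRouter {
    enum ShipmentRecipient { SILO, FIELD, BARN, MARKET }
    mapping(ShipmentRecipient => uint256) public received;

    // Same shape as the original receiveShipment: no else branch.
    function receiveUnchecked(uint256 raw, uint256 amount) external {
        ShipmentRecipient recipient = ShipmentRecipient(raw); // Panic(0x21) if raw > 3
        if (recipient == ShipmentRecipient.SILO) received[recipient] += amount;
        else if (recipient == ShipmentRecipient.FIELD) received[recipient] += amount;
        else if (recipient == ShipmentRecipient.BARN) received[recipient] += amount;
        // MARKET falls through: the shipment is silently dropped.
    }

    // Recommended form: any value that no branch routes reverts.
    function receiveChecked(uint256 raw, uint256 amount) external {
        ShipmentRecipient recipient = ShipmentRecipient(raw);
        if (recipient == ShipmentRecipient.SILO) received[recipient] += amount;
        else if (recipient == ShipmentRecipient.FIELD) received[recipient] += amount;
        else if (recipient == ShipmentRecipient.BARN) received[recipient] += amount;
        else revert("Invalid ShipmentRecipient value");
    }
}

contract ShipmentRouterTest is Test {
    ShipmentRouter router = new ShipmentRouter();
    ShipmentRouter.ShipmentRecipient constant MARKET = ShipmentRouter.ShipmentRecipient.MARKET;

    // On 0.8 the out-of-range cast itself reverts (Panic 0x21): 999 never reaches the chain.
    function testOutOfRangeCastPanics() public {
        vm.expectRevert(stdError.enumConversionError);
        router.receiveUnchecked(999, 1000);
    }

    // An in-range but unrouted member is the case the else clause guards against.
    function testUnroutedMemberIsSilentlyDropped() public {
        router.receiveUnchecked(uint256(MARKET), 1000);
        assertEq(router.received(MARKET), 0);
    }

    function testCheckedDispatcherReverts() public {
        vm.expectRevert(bytes("Invalid ShipmentRecipient value"));
        router.receiveChecked(uint256(MARKET), 1000);
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test passes only because the compiler's own range check fires before the if/else chain.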
Invalid as per docs https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity