📄

Report #19105

Report Date
April 12, 2023
Status
Closed
Payout

Missing payable modifier for functions

Report Info

Report ID

#19105

Target

Report type

Smart Contract

Impacts

Permanent freezing of funds

Has PoC?

Yes

Bug Description

A clear and concise description of the bug.

Hello

In functions enrootDeposits and enrootDeposit it is missing payable modifier to run this functions

i attached screenshot from etherscan to show POC that there is missing payable modifier

Risk Breakdown

Difficulty to Exploit: Easy Weakness: CVSS2 Score:

Proof of concept

i attached screenshots from etherscan for 0xf73db3fb33c7070db0f0ae4a76872251dca15e97 to show POC that there is missing payable modifier

BIC Response

The program notes that: "All vulnerabilities noted in any audit report in the Beanstalk Audits repository (or otherwise known by the BIC, BCM, or Root DAO Multisig) are not eligible for a reward."

The BIC is already aware that a payable modifier is not on the enrootDeposit(s) functions.

For these reasons, a reward will not be issued.