Report #19105

Report Date
April 12, 2023
Status
Closed
Payout

Missing payable modifier for functions

Report Info

Report ID

#19105

Target

https://etherscan.io/address/0xC1E088fC1323b20BCBee9bd1B9fC9546db5624C5

Report type

Smart Contract

Impacts

Permanent freezing of funds

Has PoC?

Yes

Bug Description

Hello

In contract https://etherscan.io/address/0xf73db3fb33c7070db0f0ae4a76872251dca15e97

In the functions enrootDeposits and enrootDeposit, the payable modifier needed to run these functions is missing.

I attached a screenshot from Etherscan as a PoC to show that the payable modifier is missing.

Risk Breakdown

Difficulty to Exploit: Easy

Weakness:

CVSS2 Score:

Proof of concept

I attached screenshots from Etherscan for 0xf73db3fb33c7070db0f0ae4a76872251dca15e97 as a PoC to show that the payable modifier is missing.

BIC Response

The program notes that: "All vulnerabilities noted in any audit report in the Beanstalk Audits repository (or otherwise known by the BIC, BCM, or Root DAO Multisig) are not eligible for a reward."

The BIC is already aware that a payable modifier is not on the enrootDeposit(s) functions.

This commit is from 2 weeks ago, adding the modifiers: https://github.com/BeanstalkFarms/Beanstalk/commit/a58a55d0df95a4eb25b772a931a5c70f7db1d4c6

For these reasons, a reward will not be issued.