Missing payable modifier for functions
Permanent freezing of funds
A clear and concise description of the bug.
In functions enrootDeposits and enrootDeposit it is missing payable modifier to run this functions
i attached screenshot from etherscan to show POC that there is missing payable modifier
Difficulty to Exploit: Easy Weakness: CVSS2 Score:
Proof of concept
i attached screenshots from etherscan for 0xf73db3fb33c7070db0f0ae4a76872251dca15e97 to show POC that there is missing payable modifier
The program notes that: "All vulnerabilities noted in any audit report in the Beanstalk Audits repository (or otherwise known by the BIC, BCM, or Root DAO Multisig) are not eligible for a reward."
The BIC is already aware that a payable modifier is not on the enrootDeposit(s) functions.
This commit is from 2 weeks ago, adding the modifiers: https://github.com/BeanstalkFarms/Beanstalk/commit/a58a55d0df95a4eb25b772a931a5c70f7db1d4c6
For these reasons, a reward will not be issued.