Beanstalk Notion
Beanstalk Notion
📄

Report #19172

Report Date
April 14, 2023
Status
Closed
Payout

Smart Contract Code

‣
Report Info

Report ID

#19172

Target

https://etherscan.io/address/0xBEA0000029AD1c77D3d5D23Ba2D8893dB9d1Efab

Report type

Smart Contract

Impacts

The Code doesn't execute how it should, and it is missing some lines of code. (Out of scope)

Has PoC?

Yes

Bug Description

The code in the Smart Contract does not work. This is where the code is wrong. [{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 3, "startColumn": 1, "endLineNumber": 3, "endColumn": 7 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 3, "startColumn": 8, "endLineNumber": 3, "endColumn": 16 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 3, "startColumn": 20, "endLineNumber": 3, "endColumn": 22 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 4, "startColumn": 1, "endLineNumber": 4, "endColumn": 7 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 4, "startColumn": 8, "endLineNumber": 4, "endColumn": 20 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 26, "startColumn": 1, "endLineNumber": 26, "endColumn": 9 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 26, "startColumn": 10, "endLineNumber": 26, "endColumn": 24 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1228", "severity": 8, "message": "A type predicate is only allowed in return type position for functions and methods.", "source": "ts", "startLineNumber": 26, "startColumn": 25, "endLineNumber": 26, "endColumn": 39 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 26, "startColumn": 70, "endLineNumber": 26, "endColumn": 71 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 27, "startColumn": 5, "endLineNumber": 27, "endColumn": 12 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1128", "severity": 8, "message": "Declaration or statement expected.", "source": "ts", "startLineNumber": 27, "startColumn": 13, "endLineNumber": 27, "endColumn": 19 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1435", "severity": 8, "message": "Unknown keyword or identifier. Did you mean 'const ant'?", "source": "ts", "startLineNumber": 27, "startColumn": 20, "endLineNumber": 27, "endColumn": 28 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 25, "endLineNumber": 34, "endColumn": 30 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 39, "endLineNumber": 34, "endColumn": 45 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 46, "endLineNumber": 34, "endColumn": 50 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 59, "endLineNumber": 34, "endColumn": 65 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 66, "endLineNumber": 34, "endColumn": 72 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 27, "endLineNumber": 51, "endColumn": 29 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 39, "endLineNumber": 51, "endColumn": 45 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1144", "severity": 8, "message": "'{' or ';' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 47, "endLineNumber": 51, "endColumn": 53 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 51, "startColumn": 54, "endLineNumber": 51, "endColumn": 61 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1144", "severity": 8, "message": "'{' or ';' expected.", "source": "ts", "startLineNumber": 60, "startColumn": 25, "endLineNumber": 60, "endColumn": 31 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 32, "endLineNumber": 60, "endColumn": 36 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 37, "endLineNumber": 60, "endColumn": 44 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 45, "endLineNumber": 60, "endColumn": 53 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 60, "startColumn": 70, "endLineNumber": 60, "endColumn": 71 }]

Impact

It makes it so the smart contract doesn't work correctly.

Risk Breakdown

Difficulty to Exploit: Medium Weakness: The code in the smart contract doesn't work. CVSS2 Score: Critical

Recommendation

Here is what the correct code should be. [{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 3, "startColumn": 1, "endLineNumber": 3, "endColumn": 7 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 3, "startColumn": 8, "endLineNumber": 3, "endColumn": 16 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 3, "startColumn": 20, "endLineNumber": 3, "endColumn": 22 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 4, "startColumn": 1, "endLineNumber": 4, "endColumn": 7 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 4, "startColumn": 8, "endLineNumber": 4, "endColumn": 20 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 26, "startColumn": 1, "endLineNumber": 26, "endColumn": 9 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 26, "startColumn": 10, "endLineNumber": 26, "endColumn": 24 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1228", "severity": 8, "message": "A type predicate is only allowed in return type position for functions and methods.", "source": "ts", "startLineNumber": 26, "startColumn": 25, "endLineNumber": 26, "endColumn": 39 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 26, "startColumn": 70, "endLineNumber": 26, "endColumn": 71 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 27, "startColumn": 5, "endLineNumber": 27, "endColumn": 12 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1128", "severity": 8, "message": "Declaration or statement expected.", "source": "ts", "startLineNumber": 27, "startColumn": 13, "endLineNumber": 27, "endColumn": 19 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1435", "severity": 8, "message": "Unknown keyword or identifier. Did you mean 'const ant'?", "source": "ts", "startLineNumber": 27, "startColumn": 20, "endLineNumber": 27, "endColumn": 28 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 25, "endLineNumber": 34, "endColumn": 30 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 39, "endLineNumber": 34, "endColumn": 45 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 46, "endLineNumber": 34, "endColumn": 50 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 59, "endLineNumber": 34, "endColumn": 65 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 34, "startColumn": 66, "endLineNumber": 34, "endColumn": 72 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 27, "endLineNumber": 51, "endColumn": 29 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "',' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 39, "endLineNumber": 51, "endColumn": 45 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1144", "severity": 8, "message": "'{' or ';' expected.", "source": "ts", "startLineNumber": 51, "startColumn": 47, "endLineNumber": 51, "endColumn": 53 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 51, "startColumn": 54, "endLineNumber": 51, "endColumn": 61 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1144", "severity": 8, "message": "'{' or ';' expected.", "source": "ts", "startLineNumber": 60, "startColumn": 25, "endLineNumber": 60, "endColumn": 31 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 32, "endLineNumber": 60, "endColumn": 36 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 37, "endLineNumber": 60, "endColumn": 44 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1434", "severity": 8, "message": "Unexpected keyword or identifier.", "source": "ts", "startLineNumber": 60, "startColumn": 45, "endLineNumber": 60, "endColumn": 53 },{ "resource": "Untitled-1", "owner": "typescript", "code": "1005", "severity": 8, "message": "';' expected.", "source": "ts", "startLineNumber": 60, "startColumn": 70, "endLineNumber": 60, "endColumn": 71 }]

Proof of concept

Get the code from the smart contract on etherscan titled "Contract Source Code (Solidity Standard Json-Input format)". Then put the code into visual code and analyse it.

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close since being out of scope for Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • PoC has been submitted to the project
  • claimed severity is in scope for the bug bounty program

Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:

  • check if whitehat's claims are factually correct
  • check PoC to understand the validity
  • assess the submission's severity

These activities are the project's responsibility.

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.