Different Duplicate Facets simultaneously work in Beanstalk diamond system
Report ID
#19295
Target
Report type
Smart Contract
Impacts
Permanent freezing of funds
Has PoC?
Yes
Bug Description
A clear and concise description of the bug.
There are two different SiloFacet in diamond Proxy addresses: 0xf73db3fb33c7070db0f0ae4a76872251dca15e97 was deployed 166 days ago 0xed7be52f59b4aa0c36b046e5c1f14df62aae79d6 was deployed 129 days ago
You need to leave only one Facet in your system
Risk Breakdown
Difficulty to Exploit: Easy Weakness: CVSS2 Score:
Proof of concept
i attached screenshots from https://louper.dev/ to show that 0xf73db3fb33c7070db0f0ae4a76872251dca15e97 0xed7be52f59b4aa0c36b046e5c1f14df62aae79d6 are in system
BIC Response
This is not a security bug report because the "bug" described is expected behavior. It is acceptable for there be multiple facets with the same name. See Louper to see how the different SiloFacets have different function selectors on them: https://louper.dev/diamond/0xc1e088fc1323b20bcbee9bd1b9fc9546db5624c5.
The report also does not describe how the reported issue would lead to the impact of "permanent freezing of funds".
Due to these reasons, we are closing the submission and no reward will be issued.