
Report #21139

Report Date
June 5, 2023

In `sop()` BEANS are exchanged for 3CRV LPs without slippage

Report Info

BIC Response

This is not a valid bug report due to the following reasons:

  • Beanstalk will sell Beans during a Flood based on the instantaneous deltaB, i.e., Beanstalk is only going to sell Beans if above peg, and if so, sell enough Beans to return to peg. Given this, any sandwich attack on the Flood (one where someone flash loan borrows Beans, sells Beans, calls gm(), and buys back the Beans at peg to pay back the loan in an attempt to make a profit) would simply result in fewer or zero Beans being sold (and thus less or no 3CRV being distributed to Stalkholders). This is not a theft of yield because the yield is not created at any point.
  • Given the above reasons, the PoC in the report doesn’t work.
  • There is the possibility of repeatedly performing this flash loan attack on the Flood every Season such that Beanstalk never sells any Beans. This is a known issue but would require the attacker to guarantee that they can call gm() each Season.

Due to these reasons, we are closing the submission and no reward will be issued.
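The selling rule described in the response, as an added sketch that is not Beanstalk's code: it assumes a fee-free constant-product BEAN/3CRV pool with 3CRV valued at 1, and the names `Pool`, `delta_b`, `flood` and `simulate` and the reserve figures are constructed for illustration. It shows the Flood selling only the instantaneous deltaB, so an earlier Bean sale in the same block leaves it selling fewer Beans or none.

```python
import math
from dataclasses import dataclass

PEG = 1.0  # target Bean price in 3CRV (3CRV treated as worth 1: assumption)

@dataclass
class Pool:
    """Toy fee-free constant-product pool (assumption, not Beanstalk's pool math)."""
    beans: float
    crv3: float

    def price(self) -> float:
        return self.crv3 / self.beans

    def sell_beans(self, amount: float) -> float:
        """Swap `amount` Beans into the pool and return the 3CRV paid out."""
        k = self.beans * self.crv3
        self.beans += amount
        out = self.crv3 - k / self.beans
        self.crv3 -= out
        return out

def delta_b(pool: Pool) -> float:
    """Beans that must be sold right now to bring the pool price to peg."""
    k = pool.beans * pool.crv3
    return math.sqrt(k / PEG) - pool.beans

def flood(pool: Pool) -> tuple:
    """Sell only the instantaneous deltaB; sell nothing at or below peg."""
    to_sell = max(delta_b(pool), 0.0)
    received = pool.sell_beans(to_sell) if to_sell > 0 else 0.0
    return to_sell, received

def simulate(prior_bean_sale: float) -> tuple:
    """Flood outcome after `prior_bean_sale` Beans are sold earlier in the block."""
    pool = Pool(beans=9_000_000.0, crv3=10_000_000.0)  # constructed, above peg
    if prior_bean_sale:
        pool.sell_beans(prior_bean_sale)
    sold, received = flood(pool)
    return sold, received, pool.price()

if __name__ == "__main__":
    for prior in (0.0, 200_000.0, 600_000.0):  # constructed scenarios
        sold, received, price = simulate(prior)
        print(f"prior sale {prior:>9,.0f}: Flood sells {sold:>10,.2f} Beans "
              f"for {received:>10,.2f} 3CRV, price after {price:.4f}")
```

In the third scenario the earlier sale already pushes the pool below peg, so deltaB is negative and the Flood distributes no 3CRV at all.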