Error in time-weighted deltaB calculation on BEAN:ETH pool
Illegitimate minting of protocol native assets
The time-weighted deltaB that Beanstalk uses for minting Beans/Soil is incorrect for the BEAN:ETH Pool. From my conversation with Brendan: while the average reserves of BEAN/ETH in that pool are taken into consideration, the ETH price itself is not averaged, and the price of ETH at the end of the season is used instead.
I noticed this because, in the absence of trading over the course of a season, the instantaneous deltaB is equal to the time-weighted deltaB regardless of price fluctuation. Even if deltaB was negative for an entire season, if the ETH price rises suddenly at the end of the season to a positive deltaB, Beans will be minted. And, if ETH rises significantly during a season, despite continual selling/converting down to peg, the time-weighted deltaB keeps climbing (see the 47k mint in season 16689).
So far: 100k illegitimately minted beans, from my personal observations. Thankfully the ETH price calculation is considering a combination of chainlink + uniswap prices, so it should not be possible for a flash-loan into uniswap to cause excessive minting. Therefore I don't find it as a critical or existential risk in the short term.
As an exploit, I think it would have to be a flash-loan against uniswap, but the effects would not be extreme thanks to the chainlink fail-safe. It's more of a risk of runaway minting/soil issuance in periods of high ETH volatility.
Fix the deltaB oracle for the BEAN:ETH Pool such that the time-weighted deltaB calculation equals the average value of the instantaneous deltaB over the season.
Proof of concept
The best proof of concept I can give is examples on mainnet: see seasons 16689, 16691, 16694 for some where significant Beans were minted despite the instantaneous deltaB being negative or sub 10k for the entire season. (Note that every season has the issue, either for Bean mints or Soil issuance.)
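The following is an added illustration of the two calculations the report contrasts; it is not code from the report or from Beanstalk. It assumes a constant-product BEAN:ETH pool, a Bean target price of USD 1, and a season sampled as equal-length slices, each with its own reserves and ETH/USD price (all sample values are constructed). The "flawed" function averages the reserves but prices them with the end-of-season ETH price, as the report describes; the "corrected" function averages the instantaneous deltaB over the slices, as the proposed fix requires. Scenario 1 reproduces the no-trading case (deltaB negative all season, ETH jumps at the end); scenario 2 reproduces the continual-convert-to-peg case during a steady ETH rise.

```python
from math import sqrt
from typing import List, Tuple

# One snapshot per equal time slice of a season:
# (bean_reserve, eth_reserve, eth_usd_price). Constructed sample data.
Snapshot = Tuple[float, float, float]

BEAN_TARGET_USD = 1.0  # assumed peg


def instantaneous_delta_b(bean_reserve: float, eth_reserve: float, eth_usd: float) -> float:
    """Beans that must be bought (positive) or sold (negative) to move an
    assumed constant-product BEAN:ETH pool to the USD 1 peg.
    At peg: bean' * target = eth' * eth_usd and bean' * eth' = k,
    so bean' = sqrt(k * eth_usd / target) and deltaB = bean' - bean."""
    k = bean_reserve * eth_reserve
    bean_reserve_at_peg = sqrt(k * eth_usd / BEAN_TARGET_USD)
    return bean_reserve_at_peg - bean_reserve


def flawed_time_weighted_delta_b(snaps: List[Snapshot]) -> float:
    """Average the reserves over the season, then price that average with the
    ETH price of the final slice only (the behaviour described in the report)."""
    n = len(snaps)
    avg_bean = sum(s[0] for s in snaps) / n
    avg_eth = sum(s[1] for s in snaps) / n
    end_price = snaps[-1][2]
    return instantaneous_delta_b(avg_bean, avg_eth, end_price)


def corrected_time_weighted_delta_b(snaps: List[Snapshot]) -> float:
    """Time-weighted deltaB as the mean of the instantaneous deltaB per slice,
    which is what the proposed fix asks for."""
    return sum(instantaneous_delta_b(*s) for s in snaps) / len(snaps)


def scenario_no_trading() -> List[Snapshot]:
    """No trading all season: reserves fixed, ETH at 1900 (Bean at 0.95) for
    nine slices, then ETH jumps to 2100 (Bean at 1.05) in the final slice."""
    quiet = [(1_000_000.0, 500.0, 1900.0)] * 9
    return quiet + [(1_000_000.0, 500.0, 2100.0)]


def scenario_convert_to_peg() -> List[Snapshot]:
    """ETH rises 50 USD per slice; converters move the pool back to peg each
    slice along the constant-product curve, so instantaneous deltaB is ~0."""
    k = 1_000_000.0 * 500.0
    snaps = []
    for step in range(10):
        price = 1900.0 + 50.0 * step
        bean = sqrt(k * price / BEAN_TARGET_USD)  # reserves exactly at peg
        snaps.append((bean, k / bean, price))
    return snaps


def compare(snaps: List[Snapshot]) -> Tuple[float, float]:
    """Return (flawed, corrected) time-weighted deltaB for a season."""
    return flawed_time_weighted_delta_b(snaps), corrected_time_weighted_delta_b(snaps)


if __name__ == "__main__":
    for name, snaps in (("no trading", scenario_no_trading()),
                        ("convert to peg", scenario_convert_to_peg())):
        flawed, corrected = compare(snaps)
        print(f"{name:15s} flawed TWA deltaB = {flawed:12.1f}   "
              f"corrected TWA deltaB = {corrected:12.1f}")
```

In scenario 1 the flawed value is simply the end-of-season instantaneous deltaB (about +24.7k, so Beans are minted) while the average instantaneous deltaB is about -20.3k (Soil should have been issued). In scenario 2 every slice sits at peg, so the corrected value is ~0, but the flawed value is large and positive because the averaged reserves are priced at the highest ETH price of the season; this is the "keeps climbing" behaviour the report observes.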
After reviewing your bug report, we believe that it is in scope for our bug bounty program and the threat level is High.
Based on our bounty page, this submission's (Smart Contract - High) reward is capped at the lower of (a) 10% of practicable economic damage, or (b) USD 100,000, with a minimum reward of USD 10,000, to be paid in Beans. Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of said reward.
The BIC determined that it is not possible to calculate the funds at risk or practicable economic damage for this issue given that it is not exploitable by a malicious actor and is only realized via ETH price changes (and excess Beans != economic damage).
However, despite the fact that this issue is not exploitable by a malicious actor, and that the report does not include code implementing a fix (which is understandable given that it wasn't clear what the issue was prior to discussion with the developer of the code), the BIC has determined that this particular bug report be rewarded 10,000 Beans.