Payable function using delegatecall inside a loop
- Theft of unclaimed yield
- Smart contract unable to operate due to lack of token funds
- Temporary freezing of funds for at least 1 hour
- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
- Any governance voting result manipulation
Use of delegatecall inside a loop in a payable function. Depot.farm(bytes) (contracts/depot/Depot.sol lines 55-66) has delegatecall inside a loop in a payable function: the same msg.value amount will be accredited multiple times.
Difficulty to Exploit: Easy
Carefully check that the function called by delegatecall is not payable/doesn't use msg.value
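The pattern described in the report, reduced to a minimal contract beside a checked variant. This is an added example, not code from Depot.sol or from the report; the contract names and `deposit`, `batch`, `budget` and `inBatch` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration; all names are hypothetical and this is not Depot.sol.
contract BatchUnsafe {
    mapping(address => uint256) public credited;

    function deposit() public payable {
        credited[msg.sender] += msg.value; // trusts the frame's msg.value
    }

    // delegatecall keeps msg.sender and msg.value, so every deposit() in
    // `calls` reads the full msg.value although the ether arrived once.
    function batch(bytes[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "call failed");
        }
    }
}

contract BatchChecked {
    mapping(address => uint256) public credited;
    uint256 private budget; // ether of the running batch not yet credited
    bool private inBatch;

    // Callers state the amount; it is checked against ether actually sent.
    function deposit(uint256 amount) public payable {
        if (inBatch) {
            require(amount <= budget, "exceeds ether sent");
            budget -= amount;
        } else {
            require(amount == msg.value, "amount mismatch");
        }
        credited[msg.sender] += amount;
    }

    function batch(bytes[] calldata calls) external payable {
        require(!inBatch, "nested batch");
        inBatch = true;
        budget = msg.value; // recorded once, before the loop
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "call failed");
        }
        require(budget == 0, "unallocated ether");
        inBatch = false;
    }
}
```

In `BatchChecked` the sum credited across one batch can never exceed the ether sent with it, which is the invariant the recommendation above asks a reviewer to confirm for every function reachable through the looped delegatecall.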
Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
- claimed impact by the whitehat is in scope for the bug bounty program
- claimed asset by the whitehat is in scope for the bug bounty program
has not been submitted to the project
- claimed severity is in scope for the bug bounty program
Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:
- check if the whitehat's claims are factually correct
- check PoC to understand the validity
- assess the submission's severity
These activities are the project's responsibility.
The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.