
Report #30241

Report Date
April 20, 2024
Status
Closed
Payout

Provider Disconnection Vulnerability | Showing Error For All visitors!

Report Info

Report ID

#30241

Report type

Websites and Applications

Has PoC?

Yes

PoC Link

https://app.bean.money

Target

https://app.bean.money

Impacts

  • Error appearing on the main site (Out of scope)

Description

  1. Description of Vulnerability:

An error related to the VanillaJS library for Ethereum has been identified in the wallet section, leading to the inability to execute the relevant part. This error is accompanied by the library version number and detailed descriptions of the observed issue.

  2. Potential Risks:

  • Limitation in wallet functionality and potential occurrence of other issues
  • Security risk due to weaknesses in the used libraries

  3. Recommendations for Improvement:

  • Update the used libraries to the latest secure versions
  • Review and rectify the code to address the issue and prevent similar problems in the future

  4. Conclusion:

Considering the error associated with the VanillaJS library for Ethereum in the wallet section, it is recommended that the technical team take the necessary actions to update and rectify the libraries and related code to enhance the security and functionality of the site.

I hope you solve this problem quickly. I don't think this is a simple problem, because it depends on the attitude of a hacker and how they use the error found in this section. Let me give you a simple example: in this error, there are details such as the version and name of the library used in the code.

Solution for "Provider not found" Error

  1. Documentation Review:

Ensure that the @wagmi/core library is being used correctly according to the relevant documentation and guidelines.

  2. Library Existence Check:

Make sure that the @wagmi/core library is properly installed and located in the correct path.

  3. Library Version Check:

Verify that the version of the @wagmi/core library being used is compatible with the requirements of your application. If necessary, update the library to the latest version.

  4. Path and Environment Variables Review:

Confirm that the paths and environment variables required for using the library are correctly configured and that the library is accessible.

  5. Exception Handling:

Implement Try-Catch blocks in your code to properly handle errors. This can assist in identifying and resolving issues more efficiently.

  6. Testing and Debugging:

After making any changes, thoroughly test your code to ensure that the "Provider not found" error has been resolved and that the @wagmi/core library is functioning correctly.

By following these steps and identifying the root cause of the error, you can effectively resolve the issue and utilize the @wagmi/core library as intended.

Proof of concept

```javascript
const provider = require('@wagmi/core');

try {
  // Attempt to use the provider
  provider.use();
} catch (error) {
  // Log the error if the provider is not found
  console.error('Error: Provider not found.', 'Version:', provider.version);
}
```

This code attempts to use the provider from the @wagmi/core library, and if the provider is not found, it logs the error "Error: Provider not found." along with the version of the library (@wagmi/core@2.6.9). This POC helps you reproduce the error and ensure that the vulnerability is real.
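
The following is an added example, not part of the report and not code from Beanstalk or @wagmi/core. It illustrates the exception-handling step and the version-disclosure concern raised above: the caught error is mapped to fixed user-facing text, and version strings are stripped from any raw text that is still shown. The function names, the sample error object, and the error name `ProviderNotFoundError` are assumptions made for illustration.

```javascript
// Added example; toUserMessage, redactVersions and runWalletAction are hypothetical names.
// Constructed sample mimicking the error text the report describes: a
// "Provider not found." message followed by a library version line.
const sampleError = Object.assign(
  new Error('Provider not found.\n\nVersion: @wagmi/core@2.6.9'),
  { name: 'ProviderNotFoundError' }, // assumed error name
);

// Matches "name@1.2.3" or "@scope/name@1.2.3" package/version tokens.
const PKG_VERSION = /(?:@[\w.-]+\/)?[\w.-]+@\d+\.\d+\.\d+[\w.+-]*/g;

// Fixed, user-facing text keyed by error name; nothing from the raw
// error message is ever echoed to the page.
const USER_MESSAGES = {
  ProviderNotFoundError: 'No wallet was detected. Install or unlock a wallet and try again.',
};
const FALLBACK = 'Something went wrong while connecting your wallet.';

function toUserMessage(err) {
  const name = err && typeof err.name === 'string' ? err.name : '';
  return Object.prototype.hasOwnProperty.call(USER_MESSAGES, name)
    ? USER_MESSAGES[name]
    : FALLBACK;
}

// Redacts version details for places where raw error text is still shown,
// for example a support-ticket reference.
function redactVersions(text) {
  return String(text)
    .split('\n')
    .filter((line) => !/^\s*Version:/i.test(line)) // drop "Version: ..." lines
    .join('\n')
    .replace(PKG_VERSION, '[redacted]') // and inline package@version tokens
    .trim();
}

// Wraps a wallet action: full detail goes to the log sink, generic text to the UI.
async function runWalletAction(action, log = console.error) {
  try {
    return { ok: true, value: await action() };
  } catch (err) {
    log('wallet action failed', err); // log sink is an assumption (telemetry or console)
    return { ok: false, message: toUserMessage(err) };
  }
}
```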

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • claimed severity is not in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.