Summary: The BeanstalkERC20 smart contract allows unlimited minting of tokens, which can lead to severe inflation and devaluation of the token. There is no cap on the total supply that can be minted, so any account holding the MINTER_ROLE can create an arbitrarily large number of tokens.
Steps to Reproduce:
1. Deploy the BeanstalkERC20 contract with any admin address.
2. Using an account that holds the MINTER_ROLE, call the mint function with any recipient address and a large amount of tokens (e.g., 1e30).
3. Observe that the contract performs the mint without any restriction on the total supply.
Expected Behavior: The contract should restrict minting by implementing a total supply cap. The mint function should revert if the mint would push the total supply above the predefined cap.
Actual Behavior: The contract currently allows unlimited minting without any cap, so the total supply can grow without bound.
Impact:
Inflation: Unlimited minting can lead to severe inflation, devaluing the token and harming token holders.
Trust: The absence of a supply cap undermines trust in the token's economic model and can deter potential investors.
Market Manipulation: An entity with the MINTER_ROLE can flood the market with new tokens, manipulating the token price and market dynamics.
Mitigation: Adding the total supply cap described under Expected Behavior, with mint reverting once the cap would be exceeded, mitigates the risk of unlimited minting, preserving the token's value and maintaining trust among token holders and potential investors.
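The following is an added illustration of the two mint behaviours the report contrasts; it is not the BeanstalkERC20 source. It assumes OpenZeppelin Contracts v5 is installed, and the contract names, token names and the `CapExceeded` error are invented for the example. The first contract is the uncapped pattern the report describes; the second adds the cap check so that a mint that would push totalSupply() past the cap reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example, not the project's code. Assumes OpenZeppelin
// Contracts v5 (ERC20 and AccessControl) is available at these paths.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

/// Pattern described in the report: MINTER_ROLE can mint with no bound.
contract UncappedToken is ERC20, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");

    constructor(address admin) ERC20("Uncapped", "UNC") {
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount); // nothing compares amount against totalSupply()
    }
}

/// Capped variant: the same mint reverts once totalSupply() + amount > cap.
contract CappedToken is ERC20, AccessControl {
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    uint256 public immutable cap;

    // Hypothetical error name chosen for this example.
    error CapExceeded(uint256 requested, uint256 remaining);

    constructor(address admin, uint256 cap_) ERC20("Capped", "CAP") {
        require(cap_ > 0, "cap is zero");
        cap = cap_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        // totalSupply() <= cap is an invariant of this contract, so the
        // subtraction cannot underflow.
        uint256 remaining = cap - totalSupply();
        if (amount > remaining) revert CapExceeded(amount, remaining);
        _mint(to, amount);
    }
}
```

OpenZeppelin also ships ERC20Capped, which enforces the same bound by overriding the internal transfer hook rather than in mint; either approach works. Note that the cap bounds total issuance only; it does not change who holds MINTER_ROLE or DEFAULT_ADMIN_ROLE, so the trust placed in those privileged addresses remains a separate concern.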
Proof of concept
Here is a PoC that demonstrates the issue using Hardhat. The deployment and mint calls below follow the reproduction steps; the constructor taking the admin address, and the admin account holding the MINTER_ROLE after deployment, are assumptions noted in the comments, and the test assumes ethers v6 with hardhat-chai-matchers:

```javascript
const { expect } = require("chai");
const { ethers } = require("hardhat");

describe("BeanstalkERC20 Unlimited Minting", function () {
  let BeanstalkERC20;
  let beanstalk;
  let owner;
  let addr1;

  beforeEach(async function () {
    [owner, addr1] = await ethers.getSigners();
    BeanstalkERC20 = await ethers.getContractFactory("BeanstalkERC20");
    // Assumption: the constructor takes the admin address and that
    // account holds MINTER_ROLE after deployment.
    beanstalk = await BeanstalkERC20.deploy(owner.address);
  });

  it("mints 1e30 tokens with no supply cap", async function () {
    const amount = 10n ** 30n; // 1e30, far above any plausible cap
    await beanstalk.connect(owner).mint(addr1.address, amount);
    // The mint succeeds and the entire amount is now in circulation.
    expect(await beanstalk.totalSupply()).to.equal(amount);
  });
});
```
Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.
Immunefi review:
The claimed impact "Illegitimate minting of protocol native assets" by the whitehat is not in scope of the bug bounty program, but the assessed impact does not match the claimed impact for the following reasons:
- Impacts caused by attacks requiring access to privileged addresses (owner address) are out of scope.
- The asset assessed by the triage team is in scope for the bug bounty program.
- A PoC has been submitted to the project.
Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.