
Report #33412

Report Date
July 19, 2024
Status
Closed
Payout

State variable shadowing

Report Info

Report ID

#33412

Report type

Smart Contract

Has PoC?

Yes

Target

https://etherscan.io/address/0x39cdAf9Dc6057Fd7Ae81Aaed64D7A062aAf452fD

Impacts

Lead to confusion and unintended behavior, as operations might affect the wrong variable.

Description

State Variable Shadowing occurs when a state variable in a smart contract is unintentionally overshadowed by a variable with the same name in a derived contract or within a function. This can lead to confusion and unintended behavior, as operations might affect the wrong variable.

Vulnerability Details

Internalizer._balances (contracts/fertilizer/Internalizer.sol#37) shadows:
  - ERC1155Upgradeable._balances (@openzeppelin/contracts-upgradeable/token/ERC1155/ERC1155Upgradeable.sol#27)

Internalizer._uri (contracts/fertilizer/Internalizer.sol#39) shadows:
  - ERC1155Upgradeable._uri (@openzeppelin/contracts-upgradeable/token/ERC1155/ERC1155Upgradeable.sol#33)

Impact Details

Functions may operate on the wrong state variable, leading to incorrect logic execution. For example, if a state variable used for balance tracking is shadowed, it could lead to incorrect balance calculations or updates.

References

https://swcregistry.io/docs/SWC-119/#shadowinginfunctionssol
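The shadowing pattern described in this report, shown as an added Solidity example; it is not code from the report, Beanstalk or OpenZeppelin, and the contracts Ledger, ShadowingLedger and ConsistentLedger are hypothetical. It assumes Solidity 0.8, where a derived contract may reuse a state variable name only when the base variable is private.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical base contract (illustration only).
contract Ledger {
    // private: not visible to derived contracts, so the name can be reused there.
    mapping(address => uint256) private _balances;

    function balanceOf(address account) public view virtual returns (uint256) {
        return _balances[account]; // always reads Ledger's own storage slot
    }

    function _credit(address account, uint256 amount) internal virtual {
        _balances[account] += amount;
    }
}

// Hazard: writes and reads end up on different variables.
contract ShadowingLedger is Ledger {
    // Same name, separate storage slot; it does not replace Ledger._balances.
    mapping(address => uint256) private _balances;

    function deposit(uint256 amount) external {
        _balances[msg.sender] += amount; // updates the derived mapping only
    }
    // The inherited balanceOf() still reads Ledger._balances,
    // so it returns 0 for an account after deposit().
}

// Consistent form: every inherited function that touches the base mapping
// is overridden, so only the derived mapping is ever read or written.
contract ConsistentLedger is Ledger {
    mapping(address => uint256) private _balances;

    function deposit(uint256 amount) external {
        _credit(msg.sender, amount);
    }

    function balanceOf(address account) public view override returns (uint256) {
        return _balances[account];
    }

    function _credit(address account, uint256 amount) internal override {
        _balances[account] += amount;
    }
}
```

When reviewing a shadowing finding like the two listed above, the check is whether any inherited function that still reads or writes the base variable remains reachable.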

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • PoC has not been submitted to the project
  • claimed severity is in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.