
Report #33414

Report Date: July 19, 2024
Status: Closed
Payout:

Incorrect exponentiation

Report Info

Report ID: #33414
Report type: Smart Contract
Has PoC? Yes
Target: https://etherscan.io/address/0xBA51AAAA95aeEFc1292515b36D86C51dC7877773
Impacts: Arithmetic

Description

Incorrect exponentiation can lead to arithmetic errors, such as overflow or underflow, causing the contract to behave unpredictably or incorrectly.

Vulnerability Details

MathUpgradeable.mulDiv(uint256,uint256,uint256) (lib/openzeppelin-contracts-upgradeable/contracts/utils/math/MathUpgradeable.sol#55-134) has bitwise-xor operator ^ instead of the exponentiation operator **:
  - inverse = (3 * denominator) ^ 2 (lib/openzeppelin-contracts-upgradeable/contracts/utils/math/MathUpgradeable.sol#116)

Impact Details

Can lead to issues like overflow, especially if large numbers are involved, or incorrect results if the implementation has flaws.
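
Added example (not part of the report and not OpenZeppelin's code): a Python model of uint256 arithmetic that evaluates the expression flagged at MathUpgradeable.sol#116 in the role the published OpenZeppelin mulDiv source gives it, the seed of a Newton-Raphson modular inverse, once with `^` as XOR and once read as `**`. The function names and the sample denominators are constructed for illustration.

```python
# Added example: a model of Solidity's unchecked uint256 arithmetic.
MOD = 1 << 256

def seed_xor(d):
    """The expression as written at line 116: bitwise XOR with 2."""
    return ((3 * d) % MOD) ^ 2

def seed_pow(d):
    """The same expression with `^` read as exponentiation (`** 2`)."""
    return pow(3 * d, 2, MOD)

def newton_inverse(d, seed):
    """Six Newton-Raphson steps, inv *= 2 - d * inv, all modulo 2**256.
    Each step doubles the number of correct low-order bits (4 -> 256)."""
    inv = seed(d)
    for _ in range(6):
        inv = (inv * (2 - d * inv)) % MOD
    return inv

def seed_correct_bits(d, seed):
    """Number of low-order bits in which d * seed(d) already equals 1."""
    err = (d * seed(d) - 1) % MOD
    return 256 if err == 0 else (err & -err).bit_length() - 1

def failures(seed, denominators):
    """Denominators for which the iteration does not yield d**-1 mod 2**256."""
    return [d for d in denominators if (d * newton_inverse(d, seed)) % MOD != 1]

# Constructed sample of odd denominators (the published mulDiv source divides
# out powers of two before this step, so the value inverted is always odd).
SAMPLE = [1, 3, 7, 1000003, 2**255 - 19, 2**256 - 1]

if __name__ == "__main__":
    for d in SAMPLE[:3]:
        print(d, seed_correct_bits(d, seed_xor), seed_correct_bits(d, seed_pow))
    print("xor failures:", failures(seed_xor, SAMPLE))
    print("pow failures:", failures(seed_pow, SAMPLE))
```

A static-analysis hit on `^` can be triaged the same way: model the surrounding arithmetic and test both readings of the operator against the property the code relies on.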

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • PoC has not been submitted to the project
  • claimed severity is in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.