Total Pool - $100,000
-
H/M - $95,000
-
Low - $5,000
-
Starts: Monday, February 26, 2024
-
Ends: Monday, March 25, 2024
- nSLOC: 5776
- Complexity Score: 3356
- $/nSLOC: $15.58
- $/Complexity: $26.82
Beanstalk is a permissionless fiat stablecoin protocol built on Ethereum. Its primary objective is to incentivize independent market participants to regularly cross the price of 1 Bean over its dollar peg in a sustainable fashion.
Beanstalk does not have any collateral requirements. Beanstalk uses credit instead of collateral to create Bean price stability relative to its value peg of $1. The practicality of using DeFi is currently limited by the lack of decentralized low-volatility assets with competitive carrying costs. Borrowing rates on USD stablecoins have historically been higher than borrowing rates on USD, even when supply increases rapidly. Non-competitive carrying costs are due to collateral requirements.
In particular, the Sun and Silo components of Beanstalk are in scope of this audit. The code in the repository includes the Seed Gauge System upgrade, which upgrades the Silo to autonomously adjust the Grown Stalk issued to holders of various whitelisted tokens. An overview of the Gauge System can be read here.
You can read an overview of how Beanstalk works here.
- Stalkholder / Silo Member
- Anyone who Deposits assets on the Deposit Whitelist into the Silo, earning the illiquid Stalk token in doing so. Stalkholders participate in governance and earn Bean seigniorage.
gmcaller- Anyone who calls the
gmfunction to start the next Season.
- Anyone who calls the
- Unripe holder
- Anyone who holds Unripe Beans or Unripe LP. These assets were distributed to holders of BDV (Bean Denominated Value) at the time of the April 2022 governance exploit. Most Unripe holders have their Unripe assets Deposited in the Silo, and thus are also Stalkholders. Somewhat relevant to this audit.
- Fertilizer holder
- Anyone who holds Fertilizer, the debt asset earned by participating in Beanstalk's recapitalization. Not particularly relevant for the scope of this audit.
- Pod holder
- Anyone who holds Pods, the Beanstalk-native debt asset. Pods are minting when lending Beans to Beanstalk (Sowing Beans). Not particularly relevant for the scope of this audit.
Generally, the audit covers the Silo, the Sun and many of their associated libraries. A couple contracts from the Barn (related to Unripe assets) are also in scope.
Specifically, only the following contracts are in scope.
protocol/
└── contracts/
├── beanstalk/
│ ├── AppStorage.sol
│ ├── barn/
│ │ └── UnripeFacet.sol
│ ├── init/
│ │ ├── InitBipSeedGauge.sol
│ │ └── InitWhitelistStatuses.sol
│ ├── silo/
│ │ ├── BDVFacet.sol
│ │ ├── ConvertFacet.sol
│ │ ├── EnrootFacet.sol
│ │ ├── MigrationFacet.sol
│ │ ├── SiloFacet/
│ │ │ ├── Silo.sol
│ │ │ ├── SiloFacet.sol
│ │ │ ├── SiloGettersFacet.sol
│ │ │ └── TokenSilo.sol
│ │ └── WhitelistFacet/
│ │ ├── WhitelistedFacet.sol
│ │ └── WhitelistedTokens.sol
│ └── sun/
│ ├── GaugePointFacet.sol
│ ├── LiquidityWeightFacet.sol
│ └── SeasonFacet/
│ ├── Oracle.sol
│ ├── SeasonFacet.sol
│ ├── SeasonGettersFacet.sol
│ ├── Sun.sol
│ └── Weather.sol
├── libraries/
│ ├── Convert/
│ │ ├── LibChopConvert.sol
│ │ ├── LibConvert.sol
│ │ ├── LibConvertData.sol
│ │ ├── LibLambdaConvert.sol
│ │ ├── LibUnripeConvert.sol
│ │ └── LibWellConvert.sol
│ ├── LibCases.sol
│ ├── LibChop.sol
│ ├── LibEvaluate.sol
│ ├── LibFertilizer.sol
│ ├── LibGauge.sol
│ ├── LibIncentive.sol
│ ├── LibLockedUnderlying.sol
│ ├── LibUnripe.sol
│ ├── Minting/
│ │ └── LibWellMinting.sol
│ ├── Oracle/
│ │ ├── LibChainlinkOracle.sol
│ │ ├── LibEthUsdOracle.sol
│ │ └── LibUsdOracle.sol
│ ├── Silo/
│ │ ├── LibGerminate.sol
│ │ ├── LibLegacyTokenSilo.sol
│ │ ├── LibSilo.sol
│ │ ├── LibTokenSilo.sol
│ │ ├── LibUnripeSilo.sol
│ │ ├── LibWhitelist.sol
│ │ └── LibWhitelistedTokens.sol
│ └── Well/
│ └── LibWell.sol
└── pipeline/
└── junctions/
└── UnwrapAndSendETH.sol
Beanstalk implements the ERC-2535 Diamond standard. It supports various whitelists for Deposits, Minting, Converts, etc., particularly for LP tokens from Basin.
Blockchains:
- Ethereum
Tokens:
- ERC-20 (all are accepted in Farm balances, a whitelist is accepted on the Deposit Whitelist, etc.)
- ERC-1155 (Fertilizer and Deposits are ERC-1155 tokens)
Clone repo:
git clone https://github.com/Cyfrin/2024-02-Beanstalk-1Install dependencies:
cd Beanstalk/protocol
yarnAdd RPC:
export FORKING_RPC=https://eth-mainnet.g.alchemy.com/v2/{RPC_KEY}Build:
npx hardhat compileTest:
npx hardhat test-
The
enrootDepositsfunctions do not properly emit ERC-1155 events.enrootDepositsupdates a user's Unripe Deposits' BDV and issues the corresponding Stalk to the user. The singleenrootDepositfunction correctly emits the ERC-1155 events, but the multiple variant incorrectly emits atransferSingleevent to the 0 address for each Deposit. Given the Beanstalk subgraph does not use these events, and cannot be used to harm the protocol, the fix will be implmented in a separate upgrade to Beanstalk.
-
The
SeasonFacetcontract is known to be too large to deploy on mainnet (due toLibGerminate). This will be fixed before the Seed Gauge System is deployed -
All findings in the following audit reports
- Cyfrin's initial audit report of v0 of the Gauge System (the version of the Gauge System in this Codehawks audit is substantially different, hence the need for another audit);
- Cyfrin's initial Beanstalk report;
- All Beanstalk audit reports listed in this repository; and
- All bug reports from the Immunefi program listed here.
Additional Known Issues as outlined here: Additional Known Issues
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent