Proposed: February 25, 2024
Status: Passed
Link: Snapshot
Beanstalk Immunefi Committee
A bug was submitted through Immunefi that allows an Unripe Bean Depositor to mint additional Unripe LP by sending Beans or ETH to the BEAN:ETH Well before Converting. This is because Unripe Bean to Unripe LP Converts are implemented with the sync Well Implementation function rather than addLiquidity.
Change sync to addLiquidity in LibFertilizer.addUnderlying.
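The accounting difference behind this fix, as an added example that is not Beanstalk's or Basin's code: a simplified two-token pool model in which a balance-based sync credits LP for tokens sent in by anyone, while addLiquidity credits LP only for the amounts the caller specifies. The class, function names, reserve figures and the constant-product LP formula are assumptions made for illustration.

```python
from math import isqrt


class ToyWell:
    """Simplified pool model (assumption): LP supply = sqrt(reserve0 * reserve1)."""

    def __init__(self, r0, r1):
        self.reserves = [r0, r1]   # amounts the pool has accounted for
        self.balances = [r0, r1]   # tokens the pool actually holds
        self.lp_supply = isqrt(r0 * r1)

    def _lp_for(self, new_reserves):
        return isqrt(new_reserves[0] * new_reserves[1]) - self.lp_supply

    def transfer_in(self, idx, amount):
        """A plain token transfer: balance grows, reserves stay unchanged."""
        self.balances[idx] += amount

    def sync(self):
        """Mint LP for everything held above reserves, whoever sent it."""
        minted = self._lp_for(self.balances)
        self.reserves = list(self.balances)
        self.lp_supply += minted
        return minted

    def add_liquidity(self, amounts):
        """Take exactly `amounts` from the caller; mint LP for those only."""
        new_reserves = [r + a for r, a in zip(self.reserves, amounts)]
        minted = self._lp_for(new_reserves)
        for i, a in enumerate(amounts):
            self.balances[i] += a
        self.reserves = new_reserves
        self.lp_supply += minted
        return minted


def lp_credited(use_sync, prior_transfer, underlying):
    """LP minted when `underlying` Beans are added after an unsolicited transfer."""
    well = ToyWell(1_000_000, 1_000_000)   # constructed reserves
    well.transfer_in(0, prior_transfer)    # tokens sent to the pool beforehand
    if use_sync:
        well.transfer_in(0, underlying)    # send the underlying, then sync
        return well.sync()
    return well.add_liquidity([underlying, 0])


if __name__ == "__main__":
    for label, use_sync in (("sync", True), ("addLiquidity", False)):
        print(label, lp_credited(use_sync, 0, 10_000), lp_credited(use_sync, 50_000, 10_000))
```

With addLiquidity, the LP minted depends only on the amounts passed in, so a prior transfer to the pool no longer changes what the Convert is credited.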
Given the low impact and likelihood of this issue being exploited (it is unprofitable to execute), the BCM determined that an EBIP is not necessary. The goal is to include this fix in an upcoming BIP.
The BIC determined that the practicable economic damage of this issue is zero given that an attack would never be profitable. However, the most appropriate impact in scope for this report is "Illegitimate minting of protocol native assets", i.e., High severity, as a result of the potential for minting additional Unripe LP.
For these reasons, the BIC has determined that this bug report be rewarded 10,000 Beans.
The init function on the following InitMint contract is called:
We propose 10,000 Beans are minted to the following address in order to pay the bounty to the whitehat:
We propose 1,000 Beans are minted to the following address in order to pay the 10% fee to Immunefi: