Manual Review
Manual Review
A thorough line-by-line review was conducted on the codebase to identify potential malfunctions and vulnerabilities in the Beanstalk stablecoin protocol.
As the project at hand implements a unique Uniswap-interfacing stablecoin protocol, intricate care was put into ensuring that the flow of funds within the system conforms to the specifications and restrictions laid forth within the protocol's specification and that all peg stability mechanisms outlined in the whitepaper perform as intended.
We validated that all state transitions of the system occur within sane criteria and that all rudimentary formulas within the system execute as expected. We pinpointed a significant vulnerability within the system which could have lead to total loss of a user's own assets in case of misuse, however, it was conveyed ahead of time to the Beanstalk team to be promptly remediated.
Additionally, the system was investigated for any other commonly present attack vectors such as re-entrancy attacks, mathematical truncations, logical flaws and ERC / EIP standard inconsistencies. The documentation of the project was satisfactory to a certain extent, however, we strongly recommend the documentation of the project to be expanded at certain complex points such as the lpToPeg mechanism within LibConvert.
A total of 68 findings were identified over the course of the manual review of which 25 findings concerned the behaviour and security of the system. The non-security related findings, such as optimizations, are included in the separate Code Style chapter.
The finding table below enumerates all these security / behavioural findings:
| ID | Severity | Addressed | Title |
|---|---|---|---|
| ASE-01M | ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="168" height="66"><rect fill-opacity="0"/></svg>)
| ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="138" height="66"><rect fill-opacity="0"/></svg>)
| Potentially Incompatible Storage Layout |
| BIP-01M | ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="176" height="66"><rect fill-opacity="0"/></svg>)
|
| Ineffectual Usage of SafeMath
|
| BIP-02M |
|
| Indeterminate BIP Status Edge Case |
| BIP-03M |
|
| Inexistent Sanitisation of Diamond Compliant Data |
| BIP-04M |
|
| Mismatching Calculation of White Paper |
| CSO-01M |
|
| Potential Re-Entrancy Attack Vector |
| CSO-02M |
| ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="194" height="66"><rect fill-opacity="0"/></svg>)
| Inconsistent Balance Check |
| DIB-01M | ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="204" height="66"><rect fill-opacity="0"/></svg>)
|
| Unsafe Down-Casting |
| DIB-02M |
|
| Redundantly Preemptive Amount Evaluation |
| FFT-01M |
|
| Dangerous Self-Transfer |
| FFE-01M |
|
| Substantial Supply Increase |
| FFE-02M |
|
| Improper Handling of Overfunding |
| LPS-01M |
|
| Inexplicable Conditional |
| LCT-01M | ![](data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg" width="280" height="66"><rect fill-opacity="0"/></svg>)
|
| Inexistent Justification of Calculations |
| LIE-01M |
|
| Undocumented Code |
| LIL-01M |
|
| Inexistent Function Implementation |
| OFT-01M |
|
| Incorrect Price Evaluation |
| SEE-01M |
|
| Flash-Loan Prone LP Evaluation |
| USO-01M |
|
| Potential Truncation of Unclaimed Root Accounting |
| VBH-01M |
|
| Inconsistent Behaviour |
| WEA-01M |
|
| Spot Reserve Season-of-Plenty Evaluation |
| WEA-02M |
|
| Unsafe Down-Casting |
| WEA-03M |
|
| Potentially Incorrect Edge Case |
| WEA-04M |
|
| Dynamic Evaluation of Supply |
| WEA-05M |
|
| Misleading Type Casting |