RFC: Secure Beanstalk #729

Closed
Brean0 opened this issue Dec 20, 2023 · 0 comments · Fixed by #909
Labels
⛓ Contracts Related to Beanstalk and ecosystem contracts 📜 RFC Formal protocol RFCs

Comments

Brean0 commented Dec 20, 2023

RFC: Secure Beanstalk

Authors

Brean, Brendan Sanderson, Guy, Ben Weintraub

Summary

Upgrade each function in Beanstalk that changes state to check that the Beanstalk contract does not take on bad debt as a result of the function execution.

Problem

Since Replant in August 2022, there have been 5 bugs that could have led to a loss of funds (fixed in EBIPs 1, 4, 5 (only Circulating assets were at risk), 10 and 12). In particular, the bugs that were mitigated in EBIPs 1, 10 and 12 could have led to losses of nearly all value in the Beanstalk contract.

Since the creation of the Immunefi Bug Bounty Program in BIP-26, the DAO has paid 1,552,385 Beans in bounties, 1,322,100 of which was for bug reports concerning funds in the Beanstalk contract that were at risk.

Solution

Define an invariant condition such that for every ERC-20 token, the number of tokens in the Beanstalk contract is equal to the sum of the balances in each different state that the asset can be in within Beanstalk as tracked by storage variables (i.e., the Silo, Farm balances, Pod Orders, Harvestable Pods, Rinsable Sprouts, Ripe assets, Legacy Withdrawals, etc.).

Upgrade each function in Beanstalk that changes state to check that this invariant condition is not broken as a result of the function execution.

Context

One of the general development philosophies of Beanstalk up to this point has been to optimize gas costs due to the high costs of transacting on Ethereum. Although this upgrade will increase the gas costs of interacting with Beanstalk, this seems like a worthwhile change in light of the recent reported vulnerabilities that could have caused significant harm to Beanstalk.

Upon exploiting any of the vulnerabilities associated with EBIPs 1, 4, 10 and 12, the Beanstalk contract would have taken on bad debt, i.e., its outstanding liabilities (as tracked in storage) would have been greater than its assets (actual tokens in the contract).

This upgrade would prevent Beanstalk from ever taking on any bad debt. Checking this condition in every Beanstalk function that changes state will cost gas to the function caller.

Specification

TBD.
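The post-condition described in the Solution section, written out as an added Solidity illustration (not code from the RFC or the Beanstalk repository). The three per-token aggregates, the `noBadDebt` modifier and the two entry points are hypothetical stand-ins for Beanstalk's actual storage variables and facets; per-user accounting and access control are omitted so that only the invariant check itself is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract InvariantGuardExample {
    // Hypothetical per-token aggregates standing in for the many storage
    // variables Beanstalk tracks (Silo, Farm balances, Pod Orders, ...).
    mapping(address => uint256) public siloDeposits;
    mapping(address => uint256) public farmBalances;
    mapping(address => uint256) public podOrderEscrow;

    error BadDebt(address token, uint256 actualBalance, uint256 trackedLiabilities);

    /// Sum of every storage-tracked state the token can be in (the RFC's right-hand side).
    function trackedLiabilities(address token) public view returns (uint256) {
        return siloDeposits[token] + farmBalances[token] + podOrderEscrow[token];
    }

    /// The RFC states the invariant as an equality. Checking only the bad-debt
    /// direction (actual >= tracked) gives the same protection against loss of
    /// funds while tolerating tokens sent straight to the contract, which an
    /// equality check would turn into a revert on every guarded function.
    function _assertNoBadDebt(address token) internal view {
        uint256 actual = IERC20(token).balanceOf(address(this));
        uint256 tracked = trackedLiabilities(token);
        if (actual < tracked) revert BadDebt(token, actual, tracked);
    }

    /// Applied to every state-changing function that touches `token`: the body
    /// runs first (`_`), then the post-condition is checked before returning.
    modifier noBadDebt(address token) {
        _;
        _assertNoBadDebt(token);
    }

    /// Move between two tracked states: liabilities unchanged, so the check passes.
    function farmToSilo(address token, uint256 amount) external noBadDebt(token) {
        farmBalances[token] -= amount; // checked arithmetic reverts on underflow
        siloDeposits[token] += amount;
    }

    /// Tokens leave the contract. If the liability decrement were missing (the
    /// class of bug the RFC describes), `noBadDebt` would revert the whole call.
    function withdrawFromFarm(address token, uint256 amount) external noBadDebt(token) {
        farmBalances[token] -= amount;
        require(IERC20(token).transfer(msg.sender, amount), "transfer failed");
    }
}
```

Because the check reads `balanceOf` and sums the tracked states after every guarded call, the extra gas cost the Context section mentions scales with the number of storage variables that make up a token's liabilities.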

@Brean0 Brean0 added ⛓ Contracts Related to Beanstalk and ecosystem contracts 📜 RFC Formal protocol RFCs labels Dec 20, 2023
@Brean0 Brean0 linked a pull request Aug 11, 2024 that will close this issue