We were tasked with performing an audit of the Beanstalk codebase and, in particular, their complete stablecoin protocol implementation.
Over the course of the audit, we were able to pinpoint a significant vulnerability in plot transfers as well as several potentially exploitable attack vectors.
Additionally, we identified certain discrepancies between the whitepaper and the codebase around weather conditions as well as incentive times for BIPs.
The codebase contains code imported from several other projects, including Alpha Homora, DyDx and the 0x protocol, all of which was validated for any discrepancies and properly documented in case any changes were needed to standardize the code.
Overall, the codebase has been developed to a high standard, although it is relatively lacking in in-line documentation, which we urge the Beanstalk team to enhance.
In addition to the security vulnerabilities identified within the report, we have performed an extensive gas optimization analysis of the codebase in an attempt to rigorously optimize several aspects of the code, all of which are listed in the respective Code Style chapter.
Post-Audit Conclusion
The Beanstalk team proceeded with applying remediations to all findings in a private codebase that we reviewed and consequently approved for merge with the public development repository.
All findings were either adequately dealt with or provided with sufficient additional material to be considered nullified, with the Beanstalk team assimilating all optimization exhibits into the codebase wherever applicable.
The codebase of the Beanstalk team can be considered of a very high standard and no outstanding issues remain within the codebase.
During the audit, we filtered and validated a total of 8 findings using static analysis tools and identified a total of 68 findings during the manual review of the codebase. We strongly recommend that any findings of minor severity or higher be dealt with promptly prior to the project's launch, as they introduce potential misbehaviours of the system as well as exploits.
Total Issues
Major: 4
Medium: 6
Minor: 14
Informational: 52
The list below covers each segment of the audit in depth and links to the respective chapter of the report: