Proposed: November 23, 2022
Beanstalk Immunefi Committee
Per the process outlined in BIR Execution, once a BIR passes, the Beanstalk Community Multisig (BCM) executes it by:
transferTokenFrom(...), only the allowance for Farm (INTERNAL) balances from msg.sender was checked, not Circulating (EXTERNAL) balances. Therefore, anyone could successfully call the transferTokenFrom(...) function with fromMode, their own address as recipient and the address of a Farmer who had Circulating assets that were approved to be used by Beanstalk as
transferInternalTokenFrom(...) such that the function always transfers with
This was fixed in EBIP-6.
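A simplified Python model of the allowance check described above, added here as an illustration; it is not Beanstalk's contract code. ToyProtocol, its fields and the snake_case method names are hypothetical, and the hardened path (always sourcing from the Farm balance and always checking the caller's allowance) is this example's assumption about the shape of the fix.

```python
from enum import Enum

class Mode(Enum):
    INTERNAL = "Farm"         # balance held inside the protocol
    EXTERNAL = "Circulating"  # balance in the owner's wallet

class ToyProtocol:
    # Constructed model; class, field and method names are hypothetical.
    def __init__(self):
        self.balance = {Mode.INTERNAL: {}, Mode.EXTERNAL: {}}
        self.protocol_approved = set()  # owners who approved the protocol on wallet tokens
        self.farm_allowance = {}        # (owner, spender) -> remaining amount

    def _spend_allowance(self, owner, spender, amount):
        left = self.farm_allowance.get((owner, spender), 0)
        if left < amount:
            raise PermissionError(f"{spender} has no allowance from {owner}")
        self.farm_allowance[(owner, spender)] = left - amount

    def _move(self, sender, recipient, amount, mode):
        if mode is Mode.EXTERNAL and sender not in self.protocol_approved:
            raise PermissionError("sender has not approved the protocol")
        if self.balance[mode].get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balance[mode][sender] -= amount
        self.balance[mode][recipient] = self.balance[mode].get(recipient, 0) + amount

    def transfer_token_from_vulnerable(self, caller, sender, recipient, amount, from_mode):
        # Behaviour the page describes: the caller's allowance is checked for INTERNAL only.
        if from_mode is Mode.INTERNAL:
            self._spend_allowance(sender, caller, amount)
        self._move(sender, recipient, amount, from_mode)

    def transfer_internal_token_from(self, caller, sender, recipient, amount):
        # Assumed shape of the fix: source is always the Farm balance, allowance always checked.
        self._spend_allowance(sender, caller, amount)
        self._move(sender, recipient, amount, Mode.INTERNAL)

def demo():
    p = ToyProtocol()
    p.balance[Mode.EXTERNAL]["farmer"] = p.balance[Mode.INTERNAL]["farmer"] = 100
    p.protocol_approved.add("farmer")
    p.transfer_token_from_vulnerable("third_party", "farmer", "third_party", 100, Mode.EXTERNAL)
    unchecked = p.balance[Mode.EXTERNAL]["farmer"] == 0
    try:
        p.transfer_internal_token_from("third_party", "farmer", "third_party", 100)
    except PermissionError:
        return unchecked, True
    return unchecked, False
```

demo() returns a pair: whether the unchecked EXTERNAL path moved the Farmer's wallet balance without any allowance for the caller, and whether the always-checked path rejected the same caller.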
The BIC determined that:
While the purpose of the bug bounty program is to increase the security of Beanstalk and is not necessarily concerned with non-Bean assets outside of Beanstalk, the BIC acknowledges that a large portion of the funds at risk due to this vulnerability fall into the latter category.
Given this, the BIC has determined that the Bean portion of the funds at risk be rewarded the full 10% reward and the remaining non-Bean assets outside of Beanstalk at risk be rewarded 5%:
537,000 * 0.1 + ((3,100,000 - 537,000) * 0.05) = 181,850 Beans.
init function on the following InitMint contract is called:
We propose 181,850 Beans are minted to the following address in order to pay the bounty to the whitehat:
We propose 18,185 Beans are minted to the following address in order to pay the 10% fee to Immunefi: