BIR-3: transferTokenFrom External Balances

Proposed: November 23, 2022

Status: Passed

Link: Snapshot


Beanstalk Immunefi Committee

Bug Bounty Process Note

Per the process outlined in BIR Execution, once a BIR passes, the Beanstalk Community Multisig (BCM) executes it by:


In transferTokenFrom(...), the allowance granted to msg.sender was checked only for transfers out of Farm (INTERNAL) balances, not out of Circulating (EXTERNAL) balances. Therefore, anyone could successfully call transferTokenFrom(...) with EXTERNAL as fromMode, their own address as recipient, and as sender the address of any Farmer who had approved Beanstalk to spend their Circulating assets; the call would pull the approved tokens without any allowance check on the caller.
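The allowance gap described above, as an added illustration rather than Beanstalk's own code: a simplified, hypothetical contract that models Farm (internal) balances and Circulating (external) ERC20 balances. The names `Vault`, `internalBalance`, `tokenAllowance`, `approveToken` and the `From`/`To` enums are assumptions for this example; only the function names `transferTokenFrom` and `transferInternalTokenFrom` and the EXTERNAL/INTERNAL modes come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical, simplified model of the BIR-3 bug. Not Beanstalk's code.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract Vault {
    enum From { EXTERNAL, INTERNAL }
    enum To { EXTERNAL, INTERNAL }

    // Farm (internal) balances: owner => token => amount held inside the protocol.
    mapping(address => mapping(address => uint256)) public internalBalance;
    // Protocol-level approvals: owner => spender => token => amount.
    mapping(address => mapping(address => mapping(address => uint256))) public tokenAllowance;

    function approveToken(address spender, address token, uint256 amount) external {
        tokenAllowance[msg.sender][spender][token] = amount;
    }

    function _spendAllowance(address owner, address spender, address token, uint256 amount) internal {
        uint256 current = tokenAllowance[owner][spender][token];
        require(current >= amount, "Vault: insufficient allowance");
        tokenAllowance[owner][spender][token] = current - amount;
    }

    // Moves `amount` of `token` from `sender` to `recipient`. With fromMode == EXTERNAL
    // the tokens are pulled via the sender's ERC20 approval *to this contract*, which
    // says nothing about who msg.sender is.
    function _transfer(address token, address sender, address recipient, uint256 amount, From fromMode, To toMode) internal {
        if (fromMode == From.INTERNAL) {
            uint256 bal = internalBalance[sender][token];
            require(bal >= amount, "Vault: insufficient internal balance");
            internalBalance[sender][token] = bal - amount;
        } else {
            require(IERC20(token).transferFrom(sender, address(this), amount), "Vault: transferFrom failed");
        }
        if (toMode == To.INTERNAL) {
            internalBalance[recipient][token] += amount;
        } else {
            require(IERC20(token).transfer(recipient, amount), "Vault: transfer failed");
        }
    }

    // VULNERABLE pattern: the caller's allowance is only spent for INTERNAL transfers.
    // An attacker calls transferTokenFrom(token, victim, attacker, amount, From.EXTERNAL, To.EXTERNAL)
    // for any victim who has approved this contract on `token`; no allowance is checked.
    function transferTokenFrom(address token, address sender, address recipient, uint256 amount, From fromMode, To toMode) external {
        if (sender != msg.sender && fromMode == From.INTERNAL) {
            _spendAllowance(sender, msg.sender, token, amount);
        }
        _transfer(token, sender, recipient, amount, fromMode, toMode);
    }

    // FIXED pattern (the approach described for EBIP-6): the source is always the
    // INTERNAL balance, so the allowance check covers every third-party transfer and
    // Circulating tokens can never be pulled through this path.
    function transferInternalTokenFrom(address token, address sender, address recipient, uint256 amount, To toMode) external {
        if (sender != msg.sender) {
            _spendAllowance(sender, msg.sender, token, amount);
        }
        _transfer(token, sender, recipient, amount, From.INTERNAL, toMode);
    }
}
```

The check that matters is the one a practitioner should look for in any "transfer on behalf of" entry point: every code path that can move a third party's funds must consult an allowance that the caller, not the contract, was granted. In the vulnerable function the EXTERNAL path relies on the sender's ERC20 approval to the contract itself, which any caller can trigger.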


Change transferTokenFrom(...) to transferInternalTokenFrom(...) so that the function always transfers with INTERNAL fromMode, and the allowance check therefore covers every transfer it can make.

This was fixed in EBIP-6.


The BIC determined that:

While the purpose of the bug bounty program is to increase the security of Beanstalk and is not necessarily concerned with non-Bean assets outside of Beanstalk, the BIC acknowledges that a large portion of the funds at risk due to this vulnerability fall into the latter category.

Given this, the BIC has determined that the Bean portion of the funds at risk is rewarded at the full 10% rate and the remaining non-Bean assets outside of Beanstalk at risk are rewarded at 5%:

537,000 × 0.1 + ((3,100,000 − 537,000) × 0.05) = 53,700 + 128,150 = 181,850 Beans.

Beans Minted

The init function on the following InitMint contract is called:

We propose 181,850 Beans are minted to the following address in order to pay the bounty to the whitehat:

We propose 18,185 Beans are minted to the following address in order to pay the 10% fee to Immunefi: