Proposed: October 30, 2023
Status: Passed
Link: Snapshot
Beanstalk Immunefi Committee
When determining how many Beans/Soil to mint, Beanstalk calculated the price of ETH in USD using the instantaneous price from the Chainlink ETH/USD data feed and compared it 15 minute TWA prices in the ETH:USDC and ETH:USDT 0.05% fee Uniswap V3 pools.
When minting Beans during a gm call, Beanstalk compared this USD price of ETH with the TWA reserves of Beans and ETH in Multi Flow to calculate the TWA deltaB in the BEANETH Well. Because the Chainlink price in the former was not time weighted, the TWA deltaB calculated at the end of the Season would be higher than necessary if the ETH price was increasing. Similarly, the TWA deltaB calculated at the end of the Season would be lower than necessary if the ETH price was decreasing.
Add support for querying a time weighted average (TWA) ETH/USD price from Chainlink.
Upgrade the ETH/USD price that the Well minting oracle uses to:
This was fixed in EBIP-11.
Based on the Immunefi Bug Bounty Program, this submission's reward is capped at the lower of (a) 10% of practicable economic damage, or (b) 10,000 Beans. Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of said reward.
The BIC determined that it is not possible to calculate the funds at risk or practicable economic damage for this issue given that it is not exploitable by a malicious actor and is only realized via ETH price changes.
However, despite the issue not being exploitable and the report not including code implementing a fix, the BIC has determined that this particular bug report be rewarded 10,000 Beans given the significance of the issue.
The init function on the following InitMint contract is called:
We propose 10,000 Beans are minted to the following address in order to pay the bounty to the whitehat:
We propose 1,000 Beans are minted to the following address in order to pay the 10% fee to Immunefi: