EBIP-4: Remove V1 Pod Order Functions

Committed: November 12, 2022

• Submitter
• Emergency Process Note
• Links
• Problem
• Solution
• Contract Changes
• Effective

Submitter

Beanstalk Community Multisig

Emergency Process Note

Per the process outlined in the BCM Emergency Response Procedures, an emergency hotfix may be implemented by an emergency vote of the BCM if the bug is minor and does not require significant code changes.

This bug was reported by a whitehat on Immunefi.

Links

• Gnosis Transaction
• Etherscan Transaction

Problem

A bug regarding the backwards compatibility of V1 Pod Orders was reported and the corresponding vulnerability was confirmed by the BIC.

Cancelling V1 Pod Orders that were created before and Cancelled after BIP-29 was committed would return the number of Pods Ordered in Beans times the price per Pod, rather than the Beans initially locked in the V1 Pod Order.

There were 4 outstanding V1 Pod Orders at the time that BIP-29 was committed. One of these V1 Pod Orders was Cancelled by the whitehat (transaction here), returning them 10,254.38536 Beans instead of 1,025.438536 Beans.

Funds at Risk

The total funds at risk due to this vulnerability (i.e., not including the Beans initially locked in the V1 Pod Orders, and including the additional Beans obtained by the whitehat) was 105,121.305097 Beans. Notably, only the respective addresses that created these V1 Pod Orders could have Cancelled them to take advantage of this vulnerability.

Solution

Remove the createPodOrder(...), fillPodOrder(...) and cancelPodOrder(...) functions until a fix can be sufficiently reviewed.

Contract Changes

MarketplaceFacet

The following MarketplaceFacet is still part of Beanstalk:

• 0x0c9F436FBEf08914c1C68fe04bD573de6e327776

The following functions are removed from MarketplaceFacet:

Effective

Effective immediately upon commit by the BCM, which has already happened.