BIR-2: V1 Pod Order Backwards Compatibility

Proposed: November 18, 2022

Status: Passed

Link: Snapshot

• Proposer
• Bug Bounty Process Note
• Links
• Bug
• Fix
• Determination
• Bounty Amount

Proposer

Beanstalk Immunefi Committee

Bug Bounty Process Note

Per the process outlined in BIR Execution, once a BIR passes, the Beanstalk Community Multisig (BCM) executes it by:

• Minting Beans to the whitehat's address in order to cover the bug bounty; and
• Minting Beans to Immunefi's address in order to cover the 10% fee.

Links

• Gnosis Transaction
• EBIP-4: Remove V1 Pod Order Functions

Bug

Cancelling V1 Pod Orders that were created before and Cancelled after BIP-29 was committed would return the number of Pods Ordered in Beans times the price per Pod, rather than the Beans initially locked in the V1 Pod Order.

Fix

Update s.podOrders[id] for the ids of the 3 remaining V1 Pod Orders from the number of Pods Ordered to the number of Beans locked. This was fixed in EBIP-6.

Notably, because the whitehat returned the extra 9,228.946824 Beans they received from Cancelling their Pod Order to Beanstalk (see return transaction), no Beans need to be minted to Beanstalk as part of the fix.

Determination

As described in EBIP-4, this bug would have only resulted in an excess of ~105,121 Beans being distributed to the 3 remaining addresses that created a V1 Pod Order before BIP-29 was committed. This loss would have only been realized if Farmers withdrew all remaining assets from Beanstalk (Farm balances, the Silo, etc.).

Note: the report did not come with a Proof of Concept nor code implementing the fix.

• Potential practicable economic damage: None, due to the reasons regarding the likelihood of losses being realized outlined above.
• Impact: Medium (Smart contract unable to operate due to lack of token funds)
• Entitled to reward: Yes

Bounty Amount

• 11,000 Beans will be minted to the whitehat's address for the bounty; and
• 1,100 Beans will be minted to Immunefi's address in order to cover the 10% fee.