- Total Pool - $21,000
- H/M - $17,900
- Low - $1,000
- Community Judging - $2,100
- Starts: Monday, May 6, 2024 Noon UTC
- Ends: Monday, May 20, 2024 Noon UTC
- nSLOC: 1,104
- Complexity Score: 818
- $/nSLOC: $19.02
- $/Complexity: $25.67
Beanstalk is a permissionless fiat stablecoin protocol built on Ethereum. Its primary objective is to incentivize independent market participants to regularly cross the price of 1 Bean over its dollar peg in a sustainable fashion.
Beanstalk does not have any collateral requirements. Beanstalk uses credit instead of collateral to create Bean price stability relative to its value peg of $1. The practicality of using DeFi is currently limited by the lack of decentralized low-volatility assets with competitive carrying costs. Borrowing rates on USD stablecoins have historically been higher than borrowing rates on USD, even when supply increases rapidly. Non-competitive carrying costs are due to collateral requirements.
In particular, this audit is centered around the changes included in the Misc. Improvements BIP described in the PR comment here. The diff from this PR may be helpful to review in order to understand exactly which code in this audit is new and unaudited.
You can read an overview of how Beanstalk works here.
- Stalkholder / Silo Member
- Anyone who Deposits assets on the Deposit Whitelist into the Silo, earning the illiquid Stalk token in doing so. Stalkholders participate in governance and earn Bean seigniorage.
- `gm` caller
- Anyone who calls the `gm` function to start the next Season.
- Unripe holder
- Anyone who holds Unripe Beans or Unripe LP. These assets were distributed to holders of BDV (Bean Denominated Value) at the time of the April 2022 governance exploit. Most Unripe holders have their Unripe assets Deposited in the Silo, and thus are also Stalkholders.
- Fertilizer holder
- Anyone who holds Fertilizer, the debt asset earned by participating in Beanstalk's recapitalization.
- Pod holder
- Anyone who holds Pods, the Beanstalk-native debt asset. Pods are minted when lending Beans to Beanstalk (Sowing Beans).
The following contracts are in scope.
```
protocol/
└── contracts/
    ├── beanstalk/
    │   ├── barn/
    │   │   └── UnripeFacet.sol
    │   ├── silo/
    │   │   └── ConvertFacet.sol
    │   └── sun/
    │       └── SeasonFacet/
    │           └── Sun.sol
    └── libraries/
        ├── Convert/
        │   ├── LibChopConvert.sol
        │   ├── LibConvert.sol
        │   ├── LibConvertData.sol
        │   └── LibLambdaConvert.sol
        ├── LibChop.sol
        ├── LibFertilizer.sol
        ├── LibStrings.sol
        ├── LibUnripe.sol
        └── Minting/
            └── LibWellMinting.sol
```
Beanstalk implements the ERC-2535 Diamond standard. It supports various whitelists for Deposits, Minting, Converts, etc., particularly for LP tokens from Basin.
Blockchains:
- Ethereum
Tokens:
- ERC-20 (all are accepted in Farm balances, a whitelist is accepted on the Deposit Whitelist, etc.)
- ERC-1155 (Fertilizer and Deposits are ERC-1155 tokens)
Clone repo:

```bash
git clone https://github.com/Cyfrin/2024-05-Beanstalk-3
```

Install dependencies:

```bash
cd 2024-05-Beanstalk-3/protocol
yarn
```

Add RPC:

```bash
export FORKING_RPC=https://eth-mainnet.g.alchemy.com/v2/{RPC_KEY}
```

Generate:

```bash
yarn generate
```

Test:

```bash
yarn test
```
All findings in the following resources are considered known issues:
- All Beanstalk audit reports listed in this repository;
- All bug reports from the Immunefi program listed here;
- All reports and known issues in past Beanstalk Codehawks audits:
- Additional known issues as identified by LightChaser's Static Analysis found here.