Committed: October 25, 2022
Beanstalk Community Multisig
Per the process outlined in the BCM Emergency Response Procedures, an emergency hotfix may be implemented by an emergency vote of the BCM if the bug is minor and does not require significant code changes.
This bug was reported by a whitehat on Immunefi.
Farmers could cancel Pod Listings on behalf of Farmers by calling the `fillPodListing(...)` function with an input `beanAmount = 0`.
This bug would not have resulted in any loss of funds.
Add the following check: `require(amount > 0, "Marketplace: Must fill > 0 Pods.");`
The fix has been reviewed by Halborn.
The following callable functions are modified in Beanstalk:
Name | Selector | Facet |
---|---|---|
`fillPodListing` | `0x1aac9789` | `MarketplaceFacet` |
Effective immediately upon commit by the BCM, which has already happened.