Committed: November 8, 2023
Beanstalk Community Multisig
Remove the convert
function which was vulnerable.
Per the process outlined in the BCM Emergency Response Procedures, the BCM can take swift action to protect Beanstalk in the event of a bug or security vulnerability.
Since Replant and prior to this EBIP, Converts did not validate that the pool being Converted in is whitelisted, which would have allowed an attacker to Convert all Beans in the the Beanstalk contract into their own Bean Deposits (which could then be Withdrawn and sold).
Remove the convert
function until a fix can be implemented and sufficiently audited.
The following ConvertFacet
is removed from Beanstalk:
ConvertFacet
Function ChangesName | Selector | Action | Type | New Functionality |
---|---|---|---|---|
convert |
0xb362a6e8 |
Remove | Call |
None.
None.
Effective immediately upon commitment by the BCM, which has already happened.