Skip to content

Latest commit

 

History

History
63 lines (38 loc) · 2.09 KB

ebip-12-remove-convert.md

File metadata and controls

63 lines (38 loc) · 2.09 KB
Raw

EBIP-12: Remove Convert

Committed: November 8, 2023

Submitter

Beanstalk Community Multisig

Summary

Remove the convert function which was vulnerable.

Links

Per the process outlined in the BCM Emergency Response Procedures, the BCM can take swift action to protect Beanstalk in the event of a bug or security vulnerability.

Problem

Since Replant and prior to this EBIP, Converts did not validate that the pool being Converted in is whitelisted, which would have allowed an attacker to Convert all Beans in the the Beanstalk contract into their own Bean Deposits (which could then be Withdrawn and sold).

Solution

Remove the convert function until a fix can be implemented and sufficiently audited.

Contract Changes

Convert Facet

The following ConvertFacet is removed from Beanstalk:

ConvertFacet Function Changes

Name Selector Action Type New Functionality
convert 0xb362a6e8 Remove Call

Event Changes

None.

Beans Minted

None.

Effective

Effective immediately upon commitment by the BCM, which has already happened.