Trail of Bits

Beanstalk

Type: Security review
Client: Beanstalk
Date: 2022-07
Domain: Blockchain
Effort: 8 wks
Section: Ethereum/EVM

Trail of Bits's security review of Beanstalk (Jul 2022) identified 13 issues: 3 high, 3 medium, 1 low, 3 informational, and 3 undetermined.

Findings · 13

  1. Attackers could mint more Fertilizer than intended due to an unused variable (Medium)
  2. Lack of a two-step process for ownership transfer (High)
  3. Possible underflow could allow more Fertilizer than MAX_RAISE to be minted (Medium)
  4. Risk of Fertilizer id collision that could result in loss of funds (High)
  5. The sunrise() function rewards callers only with the base incentive (Medium)
  6. Solidity compiler optimizations can be problematic (Informational)
  7. Lack of support for external transfers of nonstandard ERC20 tokens (Informational)
  8. Plot transfers from users with allowances revert if the owner has an existing pod listing (Low)
  9. Users can sow more Bean tokens than are burned (High)
  10. Pods may never ripen (Undetermined)
  11. Bean and the oer backing it are strongly correlated (Undetermined)
  12. Ability to whitelist assets uncorrelated with Bean price, misaligning governance incentives (Undetermined)
  13. Unchecked burnFrom return value (Informational)

Findings extracted from the published report PDF; see the full report for details and remediation.
