BIR-8: Root Permit Redemption Griefing

Proposed: January 2, 2024

Status: Passed

Link: Snapshot


Beanstalk Immunefi Committee



Expected Behavior

The redeemWithFarmBalancePermit function in the Root contract utilizes the permit function so that approve and redeem operations can happen in a single transaction.


ERC20Permit uses the nonces mapping for replay protection. Once a signature is verified and approved, the nonce increases, invalidating the same signature being replayed.

redeemWithFarmBalancePermit expects the holder to sign their tokens and provide the signature to the contract as part of the permit data. When a redeemWithFarmBalancePermit transaction is in the mempool, an attacker can take this signature and call the permit function on the token themselves.

Since this is a valid signature, the token accepts and increases the nonce. This makes the spender's transaction fail whenever it gets mined.


Based on the bug bounty program, this submission's ( Smart Contract - Medium ) reward is based on a set of internal criteria established by the BIC (with a minimum reward of USD 1 000), primarily taking into account the exploitability of the bug, the impact it causes and likelihood of the vulnerability presenting itself.

The BIC determined that the impact of this issue is low given the that the Root contract is not functional (Roots cannot be redeemed as a result of the Beanstalk Silo V3 upgrade) and the low value of assets in the contract.

Given this, the BIC has determined that this report qualifies for a reward of 1,000 Beans.

Beans Minted

The init function on the following InitMint contract is called:

We propose 1,000 Beans are minted to the following address in order to pay the bounty to the whitehat:

We propose 100 Beans are minted to the following address in order to pay the 10% fee to Immunefi: