BIR-19: Odd Token Wells

Proposer

Beanstalk Immunefi Committee

Summary

Reward 3,000 Beans to the whitehat that reported the issue where Wells with an odd number of reserves (for example, a 3 token Well) can no longer be used after one interaction post-deployment.

Bug

After deploying an odd reserve Well and a interacting with it once (i.e., adding liquidity), any future interactions with the Well will revert due to the memory storage implemented by LibBytes.storeUint128() copying and saving the wrong token value.

Fix

Update the LibBytes.storeUint128() function to properly store the reserves in the correct slots. Pull request here.

Determination

No odd reserve Wells have ever been deployed nor are intended to be deployed in the near future. Given that the practicable economic damage is zero as a result of the low likelihood of this hypothetical situation occurring, the BIC has determined that this bug report be rewarded 3,000 Beans.