Beanstalk Immunefi Committee
Reward 3,000 Beans to the whitehat that reported the issue where Wells with an odd number of reserves (for example, a 3 token Well) can no longer be used after one interaction post-deployment.
After deploying an odd reserve Well and a interacting with it once (i.e., adding liquidity), any future interactions with the Well will revert due to the memory storage implemented by LibBytes.storeUint128()
copying and saving the wrong token value.
Update the LibBytes.storeUint128()
function to properly store the reserves in the correct slots. Pull request here.
No odd reserve Wells have ever been deployed nor are intended to be deployed in the near future. Given that the practicable economic damage is zero as a result of the low likelihood of this hypothetical situation occurring, the BIC has determined that this bug report be rewarded 3,000 Beans.