Beanstalk's on-chain governance (`GovernanceFacet` of the Diamond) tallied Stalk voting power from the current-block deposit state with no snapshot, no time-weighted average, and no flash-loan guard. The `emergencyCommit(uint32 bip)` path required only a 2/3 supermajority of Stalk and a 24-hour delay since BIP proposal — but the supermajority was computed against `silo().s.bip[bip].roots` measured at execution time. The attacker proposed BIP-18 (a malicious `init` function that approved transfers of Beanstalk's protocol assets to the attacker), waited the 24-hour proposal window, then in a single transaction: flash-loaned ~$1B in DAI/USDC/USDT from Aave + ~$32M BEAN + ~$12M LUSD, deposited LP into the Silo to mint ~79% of all Stalk, called `emergencyCommit(18)` which delegatecalled the malicious init, drained the BEAN3CRV and BEANLUSD pools, and repaid. Net to attacker: ~$76M after slippage; protocol loss ~$181M.
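The tally flaw described above, as an added Python model (not Beanstalk's Solidity and not code from this page): it compares a supermajority check read from live balances with one read from a checkpoint taken before the executing block. The `Silo` class, the function names and the 21/79 split are constructed for illustration; only the 2/3 threshold and the ~79% share come from the summary.

```python
from dataclasses import dataclass, field

@dataclass
class Silo:
    """Toy voting-power ledger with checkpoints (hypothetical model, not Beanstalk code)."""
    block: int = 0
    balances: dict = field(default_factory=dict)
    history: dict = field(default_factory=dict)  # account -> [(block, balance), ...]

    def adjust(self, who, delta):
        self.balances[who] = self.balances.get(who, 0) + delta
        self.history.setdefault(who, []).append((self.block, self.balances[who]))

    def power_at(self, who, block):
        # Last checkpoint at or before `block`, i.e. the end-of-block balance.
        past = [bal for b, bal in self.history.get(who, []) if b <= block]
        return past[-1] if past else 0

def passes_live(silo, yes_voters):
    """Flawed tally: 2/3 supermajority measured on balances at execution time."""
    yes = sum(silo.balances.get(v, 0) for v in yes_voters)
    return 3 * yes >= 2 * sum(silo.balances.values()) > 0

def passes_snapshot(silo, yes_voters, snapshot_block):
    """Hardened tally: voting power fixed at a block strictly before execution."""
    if snapshot_block >= silo.block:
        raise ValueError("snapshot must precede the executing block")
    yes = sum(silo.power_at(v, snapshot_block) for v in yes_voters)
    total = sum(silo.power_at(w, snapshot_block) for w in silo.history)
    return 3 * yes >= 2 * total > 0

def replay():
    """Constructed scenario; units are percent of total voting power."""
    silo = Silo(block=100)
    silo.adjust("long_term_holders", 21)
    silo.block = 200                      # proposal created; snapshot taken here
    snapshot_block = 200
    silo.block = 300                      # after the delay, within one transaction:
    silo.adjust("borrower", 79)           # transient deposit funded by a loan
    live = passes_live(silo, ["borrower"])
    snap = passes_snapshot(silo, ["borrower"], snapshot_block)
    silo.adjust("borrower", -79)          # deposit unwound before the block ends
    return live, snap, silo.power_at("borrower", 300)

if __name__ == "__main__":
    print(replay())
```

The third value returned by `replay()` is the borrower's end-of-block checkpoint: it is zero even in the executing block, so a tally bound to any finalized block sees none of the transient deposit.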
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run `forge test` against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Classification: Ecosystem. Technique: Flashloan Governance Attack. Target type: DeFi Protocol. Affected chains: Ethereum. Implementation language: Solidity.
- chain: ethereum
- protocol: Beanstalk
- bug_class: flashloan
- date_occurred: 2022-04-17
- loss_usd: $181,000,000
- classification: Ecosystem
- technique: Flashloan Governance Attack
- target_type: DeFi Protocol
- language: Solidity
- source_id: dl:631