DittoETH

Ditto

DeFiFoundryOracle

55,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

missing zero check

akriosss

Summary

missing zero check

Vulnerability Details

"missing zero check" is found in the unstake function of the contract. This function burns a certain amount of rETH tokens and then sends the equivalent ETH value to a specified address. However, there is no check to ensure that the amount parameter is greater than zero. This means that a user could potentially call this function with an amount of zero, causing the function to burn zero rETH tokens and send zero ETH. This would not only waste gas but could also potentially cause unexpected behavior in other parts of the contract or system. It is recommended to add a requirement at the beginning of the function to ensure that amount is greater than zero.

Tools Used

Vs code
##Recommendation
To resolve this issue, you should add a check at the beginning of the unstake function to ensure that the amount parameter is greater than zero. This can be done using the require function in Solidity, which will revert the transaction if the condition is not met. Here is how you can implement this:

function unstake(address to, uint256 amount) external onlyDiamond {

require(amount > 0, "Amount must be greater than zero");

IRocketTokenRETH rocketETHToken = _getRethContract();

uint256 rethValue = rocketETHToken.getRethValue(amount);

uint256 originalBalance = address(this).balance;

rocketETHToken.burn(rethValue);

uint256 netBalance = address(this).balance - originalBalance;

if (netBalance == 0) revert NetBalanceZero();

(bool sent,) = to.call{value: netBalance}("");

assert(sent);

}

This will ensure that the function cannot be called with an amount of zero, preventing the potential waste of gas and any unexpected behavior that could arise from this.

Updates

Lead Judging Commences

0xnevi Lead Judge

over 1 year ago

0xnevi Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: User input validation

Prize pool breakdown

Total prize

55,000 USDC

nSLOC

3,365

16 USDC / LOC

High Medium

50,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.