DeFiHardhatOracleProxyUpdates
100,000 USDC
Submission Details
Severity: low
Invalid

No zero address check for unripeToken

Summary

There is no zero address check for the unripeToken address

Vulnerability Details

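Consider the sample contract below. It is a simplified proof of concept, not the audited code, and it already contains the zero address check this submission recommends: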
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// @title LibChop (proof-of-concept stand-in)
/// @notice Placeholder for the chopping calculation used by the sample contract.
/// It performs no conversion: the inputs are handed back unchanged.
library LibChop {
    /// @notice Echoes the token and amount it was given.
    /// @dev `supply` is accepted but never read by this simplified version.
    /// A production implementation would need real chopping logic here.
    /// @param unripeToken Token address supplied by the caller; returned as-is.
    /// @param amount Amount supplied by the caller; returned as-is.
    /// @param supply Unused in this PoC.
    /// @return underlyingToken Always equal to `unripeToken`.
    /// @return underlyingAmount Always equal to `amount`.
    function chop(
        address unripeToken,
        uint256 amount,
        uint256 supply
    ) internal pure returns (address underlyingToken, uint256 underlyingAmount) {
        // Fill the named return values instead of using an explicit return tuple.
        underlyingToken = unripeToken;
        underlyingAmount = amount;
    }
}

/// @title LibTransfer (proof-of-concept stand-in)
/// @notice Declares the transfer-mode enums used by the sample contract and a
/// placeholder `burnToken` that does not burn anything.
library LibTransfer {
    /// @notice Source mode selector for a burn; the members carry no behaviour in this PoC.
    enum From {
        ModeA,
        ModeB
    }

    /// @notice Destination mode selector for a send; the members carry no behaviour in this PoC.
    enum To {
        ModeX,
        ModeY
    }

    /// @notice Placeholder burn: reports `amount` back to the caller.
    /// @dev The function is `pure`, so it cannot touch balances or call the token.
    /// `token`, `from` and `fromMode` are accepted but ignored.
    /// A production implementation would need to burn the tokens for real.
    /// @param token Token address (unused here).
    /// @param amount Amount requested to burn.
    /// @param from Account the burn would be taken from (unused here).
    /// @param fromMode Source mode (unused here).
    /// @return The same `amount` that was passed in.
    function burnToken(
        address token,
        uint256 amount,
        address from,
        LibTransfer.From fromMode
    ) external pure returns (uint256) {
        return amount;
    }
}

/// @notice Minimal token view used by the sample contract to read the supply.
interface IBean {
/// @notice Returns the token's total supply.
/// @dev Called on the caller-supplied `unripeToken` address in ChopExample.chop.
function totalSupply() external view returns (uint256);
}

/// @notice Interface the sample contract uses to pay out the underlying token.
/// @dev Despite its name, this interface declares only `sendToken`, which is not
/// part of the ERC-20 standard; it exists solely for this proof of concept.
interface IERC20 {
/// @notice Sends `amount` to `to` using the given destination mode.
function sendToken(uint256 amount, address to, LibTransfer.To toMode) external;
}

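/// @title ChopExample (proof of concept)
/// @notice Demonstrates a `chop` entry point that rejects the zero address for
/// `unripeToken` before making any external call.
contract ChopExample {
    /// @notice Emitted at the end of a successful chop.
    /// @param sender Caller of `chop`.
    /// @param unripeToken Token address the caller supplied.
    /// @param amount Amount reported back by `LibTransfer.burnToken`.
    /// @param underlyingAmount Amount sent to the caller.
    event Chop(address indexed sender, address unripeToken, uint256 amount, uint256 underlyingAmount);

    /// @notice Burns `amount` of `unripeToken` from the caller and sends the
    /// corresponding underlying token back to the caller.
    /// @dev Reverts with "Chop: Invalid token address" when `unripeToken` is the
    /// zero address, and with "Chop: no underlying" when the computed
    /// underlying amount is zero.
    /// NOTE(review): the zero address check only produces a clear error. It does
    /// not establish that `unripeToken` is a supported token: any non-zero
    /// address is still called via `totalSupply()`. Nothing visible here
    /// restricts it to known tokens - confirm that is done elsewhere.
    /// @param unripeToken Address of the token to chop; must be non-zero.
    /// @param amount Amount the caller wants to chop.
    /// @param fromMode Source mode forwarded to `LibTransfer.burnToken`.
    /// @param toMode Destination mode forwarded to `sendToken`.
    /// @return The underlying amount sent to the caller.
    function chop(
        address unripeToken,
        uint256 amount,
        LibTransfer.From fromMode,
        LibTransfer.To toMode
    ) external returns (uint256) {
        // Reject the zero address up front so the caller gets an explicit reason.
        // Otherwise the failure would surface from the external call below.
        require(unripeToken != address(0), "Chop: Invalid token address");

        // Read the supply before burning so the chop calculation sees the
        // pre-burn value.
        uint256 supply = IBean(unripeToken).totalSupply();

        // burnToken is declared with an `address` first parameter. The original
        // passed `IBean(unripeToken)`, which is a contract type that does not
        // convert implicitly to `address`, so the plain address is passed.
        amount = LibTransfer.burnToken(unripeToken, amount, msg.sender, fromMode);

        // Resolve the underlying token and the amount owed for the burned tokens.
        (address underlyingToken, uint256 underlyingAmount) = LibChop.chop(
            unripeToken,
            amount,
            supply
        );

        // Never complete a chop that pays out nothing.
        require(underlyingAmount > 0, "Chop: no underlying");
        IERC20(underlyingToken).sendToken(underlyingAmount, msg.sender, toMode);

        emit Chop(msg.sender, unripeToken, amount, underlyingAmount);
        return underlyingAmount;
    }
}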

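If the zero address check for unripeToken is absent or does not work, a call to chop that passes the zero address fails during execution instead of being rejected up front with a clear error message. In the sample above, the first call that would fail is the external totalSupply() call on unripeToken.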

Impact

This can cause execution errors in the function, which in turn affects the LibChop.chop logic.

Tools Used

VS Code Manual Review

Recommendations

Adding require(unripeToken != address(0), "Chop: Invalid token address"); will remediate this issue

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational/Invalid

alchmy0 Submitter
about 1 year ago
giovannidisiena Lead Judge
about 1 year ago
giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational/Invalid
