Beanstalk Part 1

Beanstalk

DeFiHardhatOracleProxyUpdates

100,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

No zero address check for unripeToken

alchmy0

Summary

There is no zero address check for the unripeToken address

Vulnerability Details

Consider this sample contract below:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

library LibChop {
function chop(
address unripeToken,
uint256 amount,
uint256 supply
) internal pure returns (address underlyingToken, uint256 underlyingAmount) {
// This is a simplified chopping logic for demonstration purposes
// In a real implementation, this logic should be more complex
// For the purpose of this PoC, it just returns the input values
return (unripeToken, amount);
}
}

library LibTransfer {
function burnToken(
address token,
uint256 amount,
address from,
LibTransfer.From fromMode
) external pure returns (uint256) {
// This is a simplified burn logic for demonstration purposes
// In a real implementation, this logic should include proper token burning
// For the purpose of this PoC, it just returns the input amount
return amount;
}

enum From {
    ModeA,
    ModeB
}

enum To {
    ModeX,
    ModeY
}

}

interface IBean {
function totalSupply() external view returns (uint256);
}

interface IERC20 {
function sendToken(uint256 amount, address to, LibTransfer.To toMode) external;
}

contract ChopExample {
event Chop(address indexed sender, address unripeToken, uint256 amount, uint256 underlyingAmount);

function chop(
    address unripeToken,
    uint256 amount,
    LibTransfer.From fromMode,
    LibTransfer.To toMode
) external returns (uint256) {
    // Proof of Concept for handling zero address
    require(unripeToken != address(0), "Chop: Invalid token address");

    // burn the token from the msg.sender address
    uint256 supply = IBean(unripeToken).totalSupply();
    amount = LibTransfer.burnToken(IBean(unripeToken), amount, msg.sender, fromMode);

    // get ripe address and ripe amount
    (address underlyingToken, uint256 underlyingAmount) = LibChop.chop(
        unripeToken,
        amount,
        supply
    );

    // send the corresponding amount of ripe token to the user address
    require(underlyingAmount > 0, "Chop: no underlying");
    IERC20(underlyingToken).sendToken(underlyingAmount, msg.sender, toMode);

    // emit the event
    emit Chop(msg.sender, unripeToken, amount, underlyingAmount);
    return underlyingAmount;
}

}

The absence or failure of the zero address check for unripeToken causes the function execution to fail

Impact

This can cause function execution errors, thereby affecting the LibChop.chop logic

Tools Used

VS Code Manual Review

Recommendations

Adding require(unripeToken != address(0), "Chop: Invalid token address"); will remediate this issue

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Assigned finding tags:

Informational/Invalid

alchmy0 Submitter

about 1 year ago

giovannidisiena Lead Judge

about 1 year ago

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Too generic

Assigned finding tags:

Informational/Invalid

Prize pool breakdown

Total prize

100,000 USDC

nSLOC

5,776

17 USDC / LOC

High Medium

95,000 USDC

Low

5,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.