Beanstalk Part 1
Beanstalk
DeFiHardhatOracleProxyUpdates
100,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing zero totalSupply check for unripe token in `getUnderlyingPerUnripeToken`

0xbeastboy

Summary

In The UnripeFacet contract the function getUnderlyingPerUnripeToken(address unripeToken) returns the amount of Ripe Tokens that underly a single Unripe Token. In the calculation, totalSupply of unripeToken is used. If the totalSupply of the unripeToken is zero, it means that there are no tokens minted for that particular unripe token. In such a scenario, if getUnderlyingPerUnripeToken is called, it would result in a division by zero error, which would likely cause the transaction to revert.

Vulnerability Details

Vulnerability lies in below function

function getUnderlyingPerUnripeToken(address unripeToken)
external
view
returns (uint256 underlyingPerToken)
{
underlyingPerToken = s
.u[unripeToken]
.balanceOfUnderlying
.mul(LibUnripe.DECIMALS)
.div(IERC20(unripeToken).totalSupply());
}

Impact

The failure of transactions due to reversion can limit the functionality of UnripeFacet and any transaction attempting to call getUnderlyingPerUnripeToken with an unripe token having zero total supply will fail, preventing further execution of that transaction.

Tools Used

Manual Review

Recommendations

To handle this situation, you can add a check to ensure that the totalSupply is not zero before performing the division operation.

Updates

Lead Judging Commences

giovannidisiena Lead Judge
over 1 year ago
giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Unripe division by zero

0xtheblackpanther Auditor
over 1 year ago
giovannidisiena Lead Judge
over 1 year ago
giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational/Invalid

Unripe division by zero

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.