In The UnripeFacet
contract the function getUnderlyingPerUnripeToken(address unripeToken)
returns the amount of Ripe Tokens that underly a single Unripe Token. In the calculation, totalSupply of unripeToken is used. If the totalSupply of the unripeToken is zero, it means that there are no tokens minted for that particular unripe token. In such a scenario, if getUnderlyingPerUnripeToken is called, it would result in a division by zero error, which would likely cause the transaction to revert.
Vulnerability lies in below function
The failure of transactions due to reversion can limit the functionality of UnripeFacet
and any transaction attempting to call getUnderlyingPerUnripeToken
with an unripe token having zero total supply will fail, preventing further execution of that transaction.
Manual Review
To handle this situation, you can add a check to ensure that the totalSupply is not zero before performing the division operation.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.