Beanstalk Part 2

Beanstalk

DeFiHardhat

35,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Potential division by zero in `LibFertilizer::addUnderlying` function

bube

Summary

The LibFertilizer::addUnderlying function is vulnerable to a division by zero error. This occurs when the remainingRecapitalization function returns zero, indicating that no additional capital is needed.

Vulnerability Details

The LibFertilizer::addUnderlying function calculates the percentToFill:

function addUnderlying(uint256 tokenAmountIn, uint256 usdAmount, uint256 minAmountOut) internal {

AppStorage storage s = LibAppStorage.diamondStorage();

// Calculate how many new Deposited Beans will be minted

@> uint256 percentToFill = usdAmount.mul(C.precision()).div(remainingRecapitalization());

...

}

But when calculating this variable there is a possibility for division by zero error. This is due to the remainingRecapitalization function:

function remainingRecapitalization()

internal

view

returns (uint256 remaining)

{

AppStorage storage s = LibAppStorage.diamondStorage();

uint256 totalDollars = C

.dollarPerUnripeLP()

@> .mul(C.unripeLP().totalSupply())

.div(DECIMALS);

totalDollars = totalDollars / 1e6 * 1e6; // round down to nearest USDC

@> if (s.recapitalized >= totalDollars) return 0;

return totalDollars.sub(s.recapitalized);

}

The LibFertilizer::remainingRecapitalization function can return 0 if s.recapitalized >= totalDollars.
Also, if C.unripeLP().totalSupply() is 0, then the totalDollars will be also 0. The totalDollars is uint256. So the line totalDollars.sub(s.recapitalized) will have an underflow issue.

Impact

If LibFertilizer::remainingRecapitalization() function returns zero, the division operation in the LibFertilizer::addUnderlying function will cause a revert, halting the execution of the addUnderlying function and any transaction that invokes it.

Also, if the totalSupply in the LibFertilizer::remainingRecapitalization() is 0, the totalDollars will be 0 and the function will have an underflow issue.

Tools Used

Manual Review

Recommendations

Implement a check before the division in the LibFertilizer::addUnderlying function to ensure that the returned value of remainingRecapitalization is greater than zero:

function addUnderlying(uint256 tokenAmountIn, uint256 usdAmount, uint256 minAmountOut) internal {

AppStorage storage s = LibAppStorage.diamondStorage();

// Calculate how many new Deposited Beans will be minted

+ if (remainingRecapitalization() > 0) {

uint256 percentToFill = usdAmount.mul(C.precision()).div(remainingRecapitalization());

+ }

...

}

Also, ensure that the totalSupply in LibFertilizer::remainingRecapitalization is not 0 and this line return totalDollars.sub(s.recapitalized); will not cause an underflow issue.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Design choice

Assigned finding tags:

Informational/Invalid

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

1,991

18 USDC / LOC

High Medium

30,000 USDC

Low

1,500 USDC

Judges

3,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.