DeFiHardhat
35,000 USDC
Submission Details
Severity: low
Invalid

Division by zero will revert the transaction

Summary

In the addUnderlying function, a division by zero can arise if remainingRecapitalization() returns zero, because that return value is used as the divisor in the division operation.

Vulnerability Details

Here, remainingRecapitalization() is called to obtain the divisor for the division operation. If the remainingRecapitalization() function returns zero due to certain conditions or incorrect state, division by zero will occur, leading to a revert of the transaction.

uint256 percentToFill = usdAmount.mul(C.precision()).div(
    remainingRecapitalization()
);

Impact

The potential impacts of the remainingRecapitalization() function returning zero or a mistaken zero result, and subsequently being used in the addUnderlying(), addFertilizer(), and mintFertilizer() functions, can be significant. Here are some potential impacts:

  1. Inaccurate Calculation of Token Amounts: If the remainingRecapitalization() function returns zero when it should not, it could lead to inaccurate calculations of token amounts in the addUnderlying(), addFertilizer(), and mintFertilizer() functions. This could result in incorrect amounts of tokens being added as underlying assets or fertilizers, leading to imbalances in the system.

  2. Unexpected Behavior and Vulnerabilities: Inaccurate calculation of token amounts due to a mistaken zero result from remainingRecapitalization() could lead to unexpected behavior in the contract. For example, it could allow users to mint more fertilizer tokens than what's actually available for recapitalization, potentially leading to vulnerabilities such as economic exploits or loss of user funds.

  3. Contract Reverts and Transaction Failures: If division by zero occurs due to a mistaken zero result from remainingRecapitalization(), it will cause the transaction to revert. This can disrupt user interactions with the contract and lead to frustration and loss of gas fees for users.

Tools Used

Manual Review

Recommendations

To address this potential issue, it's essential to ensure that the remainingRecapitalization() function always returns a non-zero value when called. This can be achieved by properly initializing relevant state variables and ensuring that the contract's logic is correctly implemented to prevent situations where the recapitalization amount becomes zero when it should not be.

uint256 recapitalization = remainingRecapitalization();
require(recapitalization != 0, "Recapitalization amount cannot be zero");
uint256 percentToFill = usdAmount.mul(C.precision()).div(recapitalization);
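
An added example, not code from the submission or the audited project: a hypothetical harness that puts the original division beside the recommended require, so the behaviour at a zero divisor can be compared directly. The contract name, MiniSafeMath, PRECISION (standing in for C.precision()) and the remaining variable (standing in for remainingRecapitalization()) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.7.6;

// Minimal stand-in for the SafeMath mul/div the snippet relies on (assumption:
// same revert behaviour as OpenZeppelin SafeMath 3.x).
library MiniSafeMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) return 0;
        uint256 c = a * b;
        require(c / a == b, "SafeMath: multiplication overflow");
        return c;
    }

    function div(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b > 0, "SafeMath: division by zero");
        return a / b;
    }
}

// Hypothetical harness, not the audited project's code.
contract RecapDivisionDemo {
    using MiniSafeMath for uint256;

    uint256 internal constant PRECISION = 1e18; // assumed stand-in for C.precision()
    uint256 public remaining;                   // stand-in for remainingRecapitalization()
    uint256 public lastPercentToFill;

    function setRemaining(uint256 value) external {
        remaining = value;
    }

    // Shape of the original line: with remaining == 0, div() reverts and the
    // write to lastPercentToFill is rolled back with the rest of the call.
    function fillUnguarded(uint256 usdAmount) external {
        lastPercentToFill = usdAmount.mul(PRECISION).div(remaining);
    }

    // Shape of the recommended fix: with remaining == 0 the call still reverts,
    // one statement earlier and with a different reason string.
    function fillGuarded(uint256 usdAmount) external {
        uint256 recapitalization = remaining;
        require(recapitalization != 0, "Recapitalization amount cannot be zero");
        lastPercentToFill = usdAmount.mul(PRECISION).div(recapitalization);
    }
}
```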

Updates

Lead Judging Commences

giovannidisiena Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

Informational/Invalid
