Beanstalk Part 3

Beanstalk

DeFiHardhat

21,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

`UnripeFacet::getPercentPenalty` will not revert if called with token other than UNRIPE_BEAN and UNRIPE_LP

NightHawK

Summary

The function UnripeFacet::getPercentPenalty will not revert if it is called with token other than UNRIPE_BEAN and UNRIPE_LP.

Vulnerability Details

The UnripeFacet.sol have multiple functions which are called in the corresponding updater.ts files. Such functions are getRecapFundedPercent and getPercentPenalty. The first function is defined in such way that it reverts when it is given a token which is not UNRIPE_BEAN or UNRIPE_LP. The function below it, the getPercentPenalty function, also takes an unripeToken as an argument, but it does not revert when an unknown token is given.

Impact

The function is used in bean/unripe/updater.ts. If the protocol uses other tokens there will be an unknown call result within the promise. Probability of this to happen is low, so the overall severity of this vulnerability is Low.

Tools Used

Manual Review

Recommendations

Add revert("not supported token"); at the end of the function on Line 247.

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

21,000 USDC

nSLOC

1,104

19 USDC / LOC

High Medium

17,900 USDC

Low

1,000 USDC

Judges

2,100 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.