DeFiHardhat
21,000 USDC
Submission Details
Severity: low
Invalid

The `UnripeFacet::getPercentPenalty` function returns `0` instead of reverting

Summary

The `UnripeFacet::getPercentPenalty` function returns `0` instead of reverting if the input parameter `unripeToken` is neither `C.UNRIPE_BEAN` nor `C.UNRIPE_LP`.

Vulnerability Details

The `UnripeFacet::getPercentPenalty` function returns the percent penalty of chopping an `unripeToken` into its ripe token. The function checks if the input argument `unripeToken` is `C.UNRIPE_BEAN` or `C.UNRIPE_LP`.

```solidity
    function getPercentPenalty(address unripeToken) external view returns (uint256 penalty) {
@>      if (unripeToken == C.UNRIPE_BEAN) {
            return LibUnripe.getPenalizedUnderlying(
                unripeToken,
                LibUnripe.DECIMALS,
                IERC20(unripeToken).totalSupply()
            );
        }
@>      if (unripeToken == C.UNRIPE_LP) {
            return LibUnripe.getTotalRecapitalizedPercent()
                .mul(LibUnripe.getTotalRecapitalizedPercent())
                .div(LibUnripe.DECIMALS);
        }
    }
```

The problem is that the function doesn't handle the case in which the input parameter `unripeToken` is incorrect and both `if` statements are false. In that case the return value `penalty` will be `0`.

Impact

If the `getPercentPenalty` function returns `0` instead of reverting, it implies that the penalty is zero percent for the given `unripeToken` that doesn't match `C.UNRIPE_BEAN` or `C.UNRIPE_LP`. This could be misleading if the intention is to indicate that the token is not supported.
If the function returns `0`, users will think that there is no penalty for chopping the provided `unripeToken`, while the given `unripeToken` is in fact incorrect.

Tools Used

Manual Review

Recommendations

Revert (like in `UnripeFacet::getRecapFundedPercent`) if the `unripeToken` is neither `C.UNRIPE_BEAN` nor `C.UNRIPE_LP`.
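
The fall-through behaviour and the recommended revert, side by side, as an added example that is not Beanstalk's code and not part of the submission. The contract name, placeholder token addresses, stub penalty values, the `UnsupportedUnripeToken` error and the `quote` helper are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Beanstalk code. Addresses and penalty values are constructed.
contract PenaltyLookupExample {
    address internal constant UNRIPE_BEAN = address(0xBEA0); // placeholder address
    address internal constant UNRIPE_LP = address(0xBEA1); // placeholder address

    // Hypothetical error name; a string revert reason works the same way.
    error UnsupportedUnripeToken(address token);

    // Pattern from the finding: the named return value `penalty` is zero-initialized,
    // so when neither branch matches, execution falls off the end and returns 0.
    function getPercentPenaltySilent(address unripeToken) external pure returns (uint256 penalty) {
        if (unripeToken == UNRIPE_BEAN) {
            return _beanPenalty();
        }
        if (unripeToken == UNRIPE_LP) {
            return _lpPenalty();
        }
    }

    // Recommended pattern: an unsupported token reverts instead of yielding a value.
    function getPercentPenaltyStrict(address unripeToken) external pure returns (uint256 penalty) {
        if (unripeToken == UNRIPE_BEAN) return _beanPenalty();
        if (unripeToken == UNRIPE_LP) return _lpPenalty();
        revert UnsupportedUnripeToken(unripeToken);
    }

    // Integrator-side view: with the strict variant, "unsupported token" is
    // distinguishable from a computed value of 0.
    function quote(address unripeToken) external view returns (bool supported, uint256 penalty) {
        try this.getPercentPenaltyStrict(unripeToken) returns (uint256 p) {
            return (true, p);
        } catch {
            return (false, 0);
        }
    }

    // Constructed stand-ins for the LibUnripe calculations.
    function _beanPenalty() private pure returns (uint256) { return 250_000; }
    function _lpPenalty() private pure returns (uint256) { return 62_500; }
}
```

Calling `getPercentPenaltySilent` with any other address returns `0`, while `quote` reports `supported == false` for the same input.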

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
