Beanstalk Part 3
Beanstalk
DeFiHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Inefficient Zero-Amount check in addMigratedUnderlying Function

SentientX

Summary

addMigratedUnderlying function can process unneccessary 0 value. This in itself is not a big risk but it can be leveraged in
a sequence of function calls to trigger unwanted behaviour.

Vulnerability Details

The missing check lies in the logic of the addMigratedUnderlying function. The function lacks specific handling for a zero amount scenario.

function addMigratedUnderlying(
address unripeToken,
uint256 amount
) external payable nonReentrant {
LibDiamond.enforceIsContractOwner();
IERC20(s.u[unripeToken].underlyingToken).safeTransferFrom(
msg.sender,
address(this),
amount
);
LibUnripe.incrementUnderlying(unripeToken, amount);
}

  1. function is called with an amount of 0.

  2. function attempts to transfer 0 tokens from the sender to the contract using safeTransferFrom. This typically succeeds in most ERC20 implementations.

  3. incrementUnderlying function is called with amount as 0.

  4. Inside incrementUnderlying, adding 0 to the existing balanceOfUnderlying doesn't modify the balance.

  5. Despite no balance change, a ChangeUnderlying event is emitted with int256(amount), which will be 0.

Impact

Although benign in its impact, missing 0 check allow attackers to log transfers onchain, leading to various phishing attack vectors. Where large holders are target with on-chain spam transactions.
Using address that are similiare in prefix-suffix.

Tools Used

Manual Review

Recommendations

Modify the addMigratedUnderlying function to check for amount equal to 0

Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.