Beanstalk Part 3
Beanstalk
DeFiHardhat
21,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Zero Amount Check Vulnerability in pick Function

SentientX

Summary

function pick does not have a for zero amounts check. This could potentially lead to unintended behavior or even exploitation.

Vulnerability Details

The vulnerability lies in the function pick, which does not contain a check to ensure that the amount being processed is not zero. Without this check, the function could mistakenly execute transactions with zero amounts, leading to unexpected behavior.

function pick(
address token,
uint256 amount,
bytes32[] memory proof,
LibTransfer.To mode
) external payable nonReentrant {
bytes32 root = s.u[token].merkleRoot;
require(root != bytes32(0), "UnripeClaim: invalid token");
require(!picked(msg.sender, token), "UnripeClaim: already picked");
bytes32 leaf = keccak256(abi.encodePacked(msg.sender, amount));
require(MerkleProof.verify(proof, root, leaf), "UnripeClaim: invalid proof");
s.unripeClaimed[token][msg.sender] = true;
LibTransfer.sendToken(IERC20(token), amount, msg.sender, mode);
emit Pick(msg.sender, token, amount);
}

Impact

The potential impacts vary but it opens up an attack vector:

  1. Loss of funds: Transactions with zero amounts could result in the loss of tokens or ETH.

  2. Unexpected behavior: Zero amount transactions might trigger unintended side effects within the contract or the broader system.

  3. Exploitation: Malicious actors could potentially exploit this vulnerability to manipulate the contract or extract value in unexpected ways.

Tools Used

Manual review

Recommendations

require(amount > 0, "UnripeClaim: amount must be greater than zero");
Updates

Lead Judging Commences

giovannidisiena Lead Judge about 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.