Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Unnecessary Void Constructor Call in AaveDIVAWrapperCore

grimreaper

Summary

The constructor of the AaveDIVAWrapperCore contract calls a void constructor of the Ownable(owner_) contract. This call is unnecessary because the parent constructor does not execute any code, which could lead to confusion and misinterpretation by developers.

Vulnerability Details

In the following constructor from AaveDIVAWrapperCore, the Ownable(owner_) call is redundant:

constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) {
// Validate that none of the input addresses is zero to prevent unintended initialization with default addresses.
// Zero address check on `owner_` is performed in the OpenZeppelin's `Ownable` contract.
if (diva_ == address(0) || aaveV3Pool_ == address(0)) {
revert ZeroAddress();
}
}

The parent constructor Ownable(owner_) does not execute any meaningful initialization code for AaveDIVAWrapperCore. Including this call can mislead developers into believing that critical setup or state initialization is happening, when in fact, no such operations occur.

By leaving this unnecessary call in place, the following issues arise:

  • Code Clarity: Developers might assume the Ownable(owner_) call performs actions specific to the AaveDIVAWrapperCore initialization, which it does not.

  • Misinterpretation Risk: Auditors or contributors may misinterpret the purpose of this void call, leading to incorrect assumptions about the contract's behavior.

Recommendation

Remove the Ownable(owner_) call in the constructor of AaveDIVAWrapperCore to enhance code clarity and avoid unnecessary complexity. Ensure the functionality provided by the parent Ownable contract is adequately accounted for elsewhere in the codebase if required.

Updated Constructor:

constructor(address diva_, address aaveV3Pool_, address owner_) {
// Validate that none of the input addresses is zero to prevent unintended initialization with default addresses.
// Zero address check on `owner_` is performed in the OpenZeppelin's `Ownable` contract.
if (diva_ == address(0) || aaveV3Pool_ == address(0)) {
revert ZeroAddress();
}
}

This update simplifies the code while retaining the original functionality and preventing unnecessary assumptions about the parent's constructor behavior.

Updates

Lead Judging Commences

bube Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.