Aave DIVA Wrapper

There is a critical mismatch in the order of constructor parameters between the AaveDIVAWrapper contract and its parent AaveDIVAWrapperCore contract.

AaveDIVAWrapperCore Constructor:

constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) { ... }

AaveDIVAWrapper Constructor:

constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva, _owner) {}

Impact:

Incorrect Address Assignments:

_diva and _aaveV3Pool Swap: The AaveDIVAWrapper passes aaveV3Pool as the first argument and diva as the second to AaveDIVAWrapperCore, which expects the first argument to be diva and the second to be aaveV3Pool. This results in:

_diva in AaveDIVAWrapperCore being incorrectly set to _aaveV3Pool.

_aaveV3Pool in AaveDIVAWrapperCore being incorrectly set to _diva.

Operational Failures:

Misrouted Interactions: All interactions intended for the DIVA Protocol (_diva) and Aave V3 Pool (_aaveV3Pool) will be directed to the wrong addresses. This disrupts the core functionalities such as:

Creating Pools: Attempts to create contingent pools on what is supposed to be the DIVA Protocol will instead interact with the Aave V3 Pool, leading to transaction failures or unintended behaviors.

Yield Claims: Yield withdrawal operations intended for Aave V3 Pool will erroneously target the DIVA Protocol address, causing yield claims to fail or potentially sending funds to unintended contracts.

Recommendation:

Correct Parameter Order:

Ensure Alignment: The AaveDIVAWrapper constructor should pass parameters to AaveDIVAWrapperCore in the exact order expected.

Updated AaveDIVAWrapper Constructor:

constructor(address _diva, address _aaveV3Pool, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool, _owner) {}

Validation Checks:

Post-Deployment Verification: Implement tests or scripts to verify that _diva and _aaveV3Pool are correctly set post-deployment.