Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

The order of parameters passed into the constructors of `AaveDIVAWrapper` and `AaveDIVAWrapperCore` is wrong, resulting in project DoS

miaowu311

Summary

The order of parameters passed into the constructors of AaveDIVAWrapper and AaveDIVAWrapperCore is wrong, resulting in project DoS

Vulnerability Details

In the constructor of AaveDIVAWrapper, the order of incoming parameters is AaveDIVAWrapperCore(aaveV3Pool, diva, owner), while in the AaveDIVAWrapperCore constructor, the order of receiving parameters is constructor(address diva, address aaveV3Pool, address owner), which will cause all diva and aaveV3Pool related functions in the project to DoS.

// contracts/src/AaveDIVAWrapper.sol
constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva, _owner) {}
// contracts/src/AaveDIVAWrapperCore.sol
constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) {

Impact

All functions related to diva and aaveV3Pool in the project will be Dos.

Tools Used

Manual review

Recommendations

Modify the order of receiving parameters of AaveDIVAWrapperCore constructor to constructor(address aaveV3Pool_, address diva_, address owner_)

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Constructor arguments mismatch

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.