The WToken.sol contract assigns the _owner address in the constructor. This address, passed during deployment, is intended to be the AaveDIVAWrapper contract, which is responsible for managing the wrapped token’s core functionalities, such as minting and burning.
However, the contract does not provide a mechanism to update the owner. If a vulnerability is discovered in AaveDIVAWrapper or if an upgrade is required, the protocol must redeploy both the wrapper and the WToken contract, leading to operational disruption and potential fund loss.
• Code Reference: WToken.sol: constructor
• Since the _owner address cannot be updated, any change in the AaveDIVAWrapper contract (e.g., due to security issues or upgrades) requires a complete redeployment of WToken.sol.
Consider the following failure scenario:
1. The protocol deploys AaveDIVAWrapper and WToken with the wrapper set as _owner.
2. An exploit is discovered in AaveDIVAWrapper, necessitating an urgent redeployment.
3. Since the protocol does not use upgradeable contracts, a new AaveDIVAWrapper contract is deployed with fixes.
4. The new wrapper **cannot operate the existing** WToken because the owner remains the outdated (and possibly compromised) AaveDIVAWrapper.
5. The protocol is effectively unusable unless a new WToken is deployed, breaking existing integrations and potentially leading to loss of funds for users relying on the old contract.
The impact on the usage of the protocol is HIGH, as without the WToken contract the protocol is unusable.
The likelihood is LOW as this is an unlikely scenario to unfold.
Given the high impact but low probability, this issue is classified as Medium Severity.
Manual Review
Introduce a setOwner function to allow controlled updates to the owner. This prevents the need for contract redeployment while maintaining security.
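One way such an owner update could look, as an added sketch that is not the project's WToken.sol: the contract name WTokenSketch, the _pendingOwner slot, acceptOwner, the events and the simplified mint/burn bookkeeping are all assumptions made for illustration. It uses a two-step handoff so that a mistyped address cannot strand the mint and burn rights.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only: a stripped-down token with the owner-gated
// mint/burn pattern the finding describes. Not the project's WToken.sol.
contract WTokenSketch {
    address private _owner;        // contract allowed to mint and burn
    address private _pendingOwner; // hypothetical: proposed successor

    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    event OwnerProposed(address indexed current, address indexed proposed);
    event OwnerChanged(address indexed previous, address indexed current);

    modifier onlyOwner() {
        require(msg.sender == _owner, "WToken: caller is not owner");
        _;
    }

    constructor(address owner_) {
        require(owner_ != address(0), "WToken: zero owner");
        _owner = owner_;
    }

    function owner() external view returns (address) { return _owner; }

    // Step 1: the current owner names the successor (e.g. a fixed wrapper).
    function setOwner(address newOwner) external onlyOwner {
        require(newOwner != address(0), "WToken: zero owner");
        _pendingOwner = newOwner;
        emit OwnerProposed(_owner, newOwner);
    }

    // Step 2: the successor accepts, proving it can actually call in.
    function acceptOwner() external {
        require(msg.sender == _pendingOwner, "WToken: not pending owner");
        emit OwnerChanged(_owner, msg.sender);
        _owner = msg.sender;
        _pendingOwner = address(0);
    }

    function mint(address to, uint256 amount) external onlyOwner {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    function burn(address from, uint256 amount) external onlyOwner {
        balanceOf[from] -= amount; // reverts on underflow in 0.8.x
        totalSupply -= amount;
    }
}
```

Because _owner is the wrapper contract itself, the wrapper would need an access-controlled function that forwards the setOwner call, and the replacement wrapper would need to call acceptOwner; both are assumptions of this sketch.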