HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Assumption of No Losses in Aave Pool and Risks to User Funds

Summary

The protocol assumes that the Aave pool will never incur losses, which is not entirely accurate. In normal circumstances, Aave's overcollateralization and liquidation mechanisms protect lenders from losses. However, in extreme scenarios (e.g., a black swan event), the following can happen:

  • Brutal Price Drop: If the price of a collateral asset drops significantly and suddenly, borrowers' positions may become undercollateralized before liquidators can act.

  • Liquidations Fail: If liquidators cannot liquidate positions fast enough, the pool may incur bad debt, meaning the value of the collateral is insufficient to cover the borrowed amount.

In such cases, the total collateral backing the aTokens may decrease, but the total aTokens in circulation remain the same. This creates a mismatch where the value of the underlying assets is less than the value represented by the aTokens.

This means that the 1:1 peg between aTokens and the underlying tokens may not hold, and consequently, the 1:1 peg between aTokens and wTokens in the AaveDIVA contract will also be incorrect.

Although the likelihood of this scenario is low, considering that the AaveDIVA contract is not upgradeable and will likely be deployed once, this risk should be taken into account.


Vulnerability Details

The protocol should ensure that users who supply funds to DIVA via AaveDIVA can at least recover the amount of tokens they supplied (minus fees). However, the current implementation does not account for the possibility of losses in the Aave pool, which could lead to the following issues:

https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L488

    function _getAccruedYieldPrivate(address _collateralToken) private view returns (uint256) {
        uint256 aTokenBalance = IERC20Metadata(IAave(_aaveV3Pool).getReserveData(_collateralToken).aTokenAddress)
            .balanceOf(address(this));
        uint256 wTokenSupply = IERC20Metadata(_collateralTokenToWToken[_collateralToken]).totalSupply();
        // Handle case where the aToken balance might be smaller than the wToken supply (e.g., due to rounding).
        // In that case, the owner should just wait until yield accrues.
        return aTokenBalance > wTokenSupply ? aTokenBalance - wTokenSupply : 0;
    }

  1. Yield Calculation Issue:

    • To claim yield, the protocol verifies if the aToken balance of AaveDIVA is greater than the total supply of wrapped tokens and takes the difference as yield.

    • If the peg between aTokens and the underlying tokens is not 1:1 (due to losses in the Aave pool), users' funds may not be fully recoverable. Specifically, 1 wToken might give less than 1 token (minus fees) in such cases.

  2. Incorrect Yield Claiming:

    • Since the aToken balance only increases and does not decrease unless the holder redeems, the protocol will still be able to claim yield even if the Aave pool reserve is in deficit.

    • This means that the protocol could claim yield while users suffer temporary losses, as the yield should ideally be used to absorb the losses in the Aave pool.


Impact

  1. User Funds at Risk:

    • In extreme scenarios, users may not be able to recover the full amount of tokens they supplied, as the value of the underlying collateral may have decreased.

    • This undermines the trust users place in the protocol.

  2. Incorrect Yield Distribution:

    • The protocol may claim yield even when the Aave pool has incurred losses, leading to an unfair distribution of funds.

    • Users who supplied funds may not receive the full amount they are entitled to, while the protocol claims yield.


Tools Used

The vulnerability was identified through a detailed review of the contract code, focusing on the yield calculation and assumptions about the Aave pool.


Recommendations

Validate that the aToken-to-token peg is at least 1. If it is not, adjust the relation between aToken and wToken before claiming yield.
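
The following is an added example, not code from the AaveDIVA repository or from this submission. It models the yield formula of `_getAccruedYieldPrivate` next to a peg-aware variant of the recommended check. The `Reserve` class, the pro-rata haircut used to value aTokens when the reserve is in deficit, and all amounts (6-decimal base units) are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Reserve:
    """Hypothetical model of one Aave reserve, amounts in token base units."""
    a_token_supply: int      # aTokens in circulation
    underlying_backing: int  # underlying value actually recoverable behind them

    def peg_ok(self) -> bool:
        return self.underlying_backing >= self.a_token_supply

    def redeemable(self, a_token_balance: int) -> int:
        # Assumption: a deficit is shared pro rata; value is capped at face value.
        if self.peg_ok():
            return a_token_balance
        return a_token_balance * self.underlying_backing // self.a_token_supply


def accrued_yield_as_on_page(a_token_balance: int, w_token_supply: int) -> int:
    # Mirrors _getAccruedYieldPrivate: compares nominal balances only.
    return a_token_balance - w_token_supply if a_token_balance > w_token_supply else 0


def accrued_yield_peg_aware(reserve: Reserve, a_token_balance: int, w_token_supply: int) -> int:
    # Recommended variant: value the aTokens first, then measure the surplus.
    value = reserve.redeemable(a_token_balance)
    return value - w_token_supply if value > w_token_supply else 0


def user_shortfall(reserve: Reserve, a_token_balance: int, w_token_supply: int) -> int:
    # Underlying missing if every wToken were redeemed 1:1 right now.
    return max(w_token_supply - reserve.redeemable(a_token_balance), 0)


def compare(reserve: Reserve, a_token_balance: int, w_token_supply: int) -> dict:
    return {
        "peg_ok": reserve.peg_ok(),
        "yield_as_on_page": accrued_yield_as_on_page(a_token_balance, w_token_supply),
        "yield_peg_aware": accrued_yield_peg_aware(reserve, a_token_balance, w_token_supply),
        "user_shortfall": user_shortfall(reserve, a_token_balance, w_token_supply),
    }


if __name__ == "__main__":
    wrapper_atokens, wtoken_supply = 10_300_000000, 10_000_000000  # constructed
    for name, backing in (("healthy", 1_000_000_000000), ("5% bad debt", 950_000_000000)):
        print(name, compare(Reserve(1_000_000_000000, backing), wrapper_atokens, wtoken_supply))
```

In the deficit case the nominal formula still reports claimable yield while the modelled redeemable value is below the wToken supply, which is the condition the recommendation asks the contract to check before paying out.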

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
