The _redeemWToken function in the AaveDIVAWrapperCore contract does not validate whether the user's balance is greater than zero before assigning _userBalance to _wTokenAmountToRedeem when _wTokenAmount equals type(uint256).max. This can result in unnecessary execution of the function, leading to wasted gas costs and unexpected behavior when the user's balance is zero.
https://github.com/Cyfrin/2025-01-diva/blob/main/contracts/src/AaveDIVAWrapperCore.sol#L322
When the _wTokenAmount parameter is set to type(uint256).max, the contract assigns the user's balance (_userBalance) to _wTokenAmountToRedeem without ensuring that _userBalance is greater than zero.
If _userBalance is zero, the _redeemWTokenPrivate function is still called, leading to unnecessary execution and gas costs. While the burn function in _redeemWTokenPrivate will revert if _wTokenAmountToRedeem exceeds the balance, this revert could have been avoided earlier in the logic.
Wasted Gas Costs: Calling _redeemWTokenPrivate unnecessarily when _userBalance is zero results in wasted gas for the user.
Unnecessary Reverts: The burn function in _redeemWTokenPrivate may revert if _wTokenAmountToRedeem exceeds the user's balance, but this could be avoided earlier in the function.
Potential User Confusion: Users might encounter reverts without understanding that their balance is insufficient, leading to a poor user experience.
Manual Code Review
Static Analysis
Validate _userBalance Before Assignment: Ensure _userBalance is greater than zero before assigning it to _wTokenAmountToRedeem. Example fix:
Early Exit for Zero Balance: Revert the transaction early if _userBalance is zero to save gas and avoid unnecessary function calls.
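An added sketch of the two recommendations above, not code from the AaveDIVAWrapperCore repository: a self-contained model of the type(uint256).max path, once without and once with the zero-balance guard. The contract name, `mint`, `redeemUnchecked`, `redeemChecked`, the `ZeroBalance` error and the balance mapping are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only. Names other than _redeemWTokenPrivate, _userBalance,
// _wTokenAmount and _wTokenAmountToRedeem are hypothetical.
contract RedeemSentinelModel {
    mapping(address => uint256) public balanceOf; // stand-in for the wToken balance

    error ZeroBalance(); // hypothetical error name

    // Constructed helper so the model can be exercised in a test.
    function mint(address _to, uint256 _amount) external {
        balanceOf[_to] += _amount;
    }

    // Behaviour described in the finding: the max sentinel resolves to the
    // caller's balance, even when that balance is zero.
    function redeemUnchecked(uint256 _wTokenAmount) external returns (uint256) {
        uint256 _userBalance = balanceOf[msg.sender];
        uint256 _wTokenAmountToRedeem = _wTokenAmount;
        if (_wTokenAmount == type(uint256).max) {
            _wTokenAmountToRedeem = _userBalance;
        }
        return _redeemWTokenPrivate(_wTokenAmountToRedeem);
    }

    // Recommended form: reject a zero balance before the internal call.
    function redeemChecked(uint256 _wTokenAmount) external returns (uint256) {
        uint256 _userBalance = balanceOf[msg.sender];
        uint256 _wTokenAmountToRedeem = _wTokenAmount;
        if (_wTokenAmount == type(uint256).max) {
            if (_userBalance == 0) revert ZeroBalance();
            _wTokenAmountToRedeem = _userBalance;
        }
        return _redeemWTokenPrivate(_wTokenAmountToRedeem);
    }

    // Stand-in for the burn-and-withdraw step: the subtraction reverts
    // if the amount exceeds the caller's balance.
    function _redeemWTokenPrivate(uint256 _amount) private returns (uint256) {
        balanceOf[msg.sender] -= _amount;
        return _amount;
    }
}
```

A caller with no balance who passes type(uint256).max to `redeemChecked` gets the named `ZeroBalance` error before any internal call, which also addresses the user-confusion point.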