The batch functions in the AaveDIVAWrapper
contract, such as batchAddLiquidity, batchRemoveLiquidity, and batchClaimYield, accept unbounded array inputs, which are processed in a for
loop without any size restrictions. For example, in batchAddLiquidity
:
If the _addLiquidityArgs
array is excessively large, the loop will consume significant gas, potentially exceeding the block gas limit. This causes the transaction to revert, resulting in a denial of service (DoS) for users or system disruptions. Furthermore, if state-modifying operations occur before the revert, the contract's state may become inconsistent, as some operations execute while others fail, leading to accounting errors or incomplete updates.
The primary impact is a gas limit DoS vulnerability, where an attacker can submit a large input array to intentionally trigger transaction failures, blocking user operations or causing partial updates that disrupt the contract's state.
Introduce a fixed maximum batch size (e.g., MAX_BATCH_SIZE
) and validate input arrays using require
to reject overly large arrays before execution.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.