Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Wrong arguments order of AaveDIVAWrapperCore constructor call

bakhankov

Summary

Incorrect order of arguments of AaveDIVAWrapperCore::constructor call at AaveDIVAWrapper::constructor. Which results in smart contract being deployed in a broken state.

Vulnerability Details

The order of arguments of the AaveDIVAWrapperCore::constructor is (address diva_, address aaveV3Pool_, address owner_), but AaveDIVAWrapper calls it with a different order of arguments: (_aaveV3Pool, _diva, _owner). Which is a bug.

Impact

Since the protocol assumes the use of AaveDIVAWrapper in permissionless maner, this will result in smart contracts being deployed in an inoperative state when deployed by external developers.

PoC

Foundry

// SPDX-License-Identifier: MIT

pragma solidity 0.8.26;

import {Test} from "forge-std/Test.sol";

import {AaveDIVAWrapper} from "../src/AaveDIVAWrapper.sol";

contract AaveDIVAWrapperTest is Test {

address aave;

address diva;

AaveDIVAWrapper wrapper;

function setUp() public {

aave = makeAddr("aave");

diva = makeAddr("diva");

// constructor(address _aaveV3Pool, address _diva, address _owner)

// https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapper.sol#L12

wrapper = new AaveDIVAWrapper(aave, diva, address(this));

}

function testAaveDIVAWrapperConstructor() public view {

// return (_diva, _aaveV3Pool, owner())

// https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L388

(address _diva, address _aave, ) = wrapper.getContractDetails();

assertEq(_aave, aave);

assertEq(_diva, diva);

}

Tools Used

Manual review

Foundry

Recommendations

First. The order of arguments in the call of AaveDIVAWrapperCore::constructor must be corrected.

- constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva, _owner) {}

+ constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool, _owner) {}

Second. The order of arguments in the AaveDIVAWrapper::constructor must be consistent in all places in the code where these parameters are accepted or returned.

- constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool, _owner) {}

+ constructor(address _diva, address _aaveV3Pool, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool, _owner) {}

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Constructor arguments mismatch

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.