HardhatDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Missing Slippage Protection _redeemPositionToken

Summary

The _redeemPositionToken function in the AaveDIVAWrapperCore contract lacks slippage protection, exposing users to risks from unexpected price changes, front-running (MEV attacks), and protocol-specific fees. The absence of a minimum return check leaves users vulnerable to receiving significantly less collateral than expected, which could result in financial losses.

Vulnerability Details

The issue lies in the _redeemPositionToken function, where the returned amount of collateral (_amountReturned) from _redeemWTokenPrivate is not validated against a user-defined minimum expected amount. This flaw creates the following risks:

  • Price Fluctuations: Market volatility can result in the collateral amount decreasing during the transaction, leaving users with less than anticipated.

  • Protocol Fees: Unexpected fees or deductions during the redemption process may reduce the final returned amount, and users have no recourse to avoid these losses.

  • MEV Attacks: Malicious actors can front-run redemption transactions and manipulate market conditions to reduce the value of the redeemed collateral.

The code currently does not include any safeguard for slippage:

    function _redeemPositionToken(...) internal returns (uint256) {
        uint256 _amountReturned = _redeemWTokenPrivate(...);
        return _amountReturned; // ❌ No check against a caller-supplied minimum
    }

Impact

  • User Fund Loss: Users may receive far less collateral than expected.

  • Exploitation by MEV Bots: Attackers could manipulate market conditions to profit from user transactions.

  • Loss of Trust: Users might lose confidence in the protocol if their transactions result in unexpected financial losses.

Tools Used

Manual Code Review

Recommendations

  1. Implement Minimum Return Checks:

    • Introduce a parameter for minExpectedAmount to define the minimum acceptable amount of collateral to be returned.

    • Revert the transaction if _amountReturned is below minExpectedAmount.

  2. Dynamic Slippage Tolerance:

    • Allow users to specify their slippage tolerance as a percentage.

    • Calculate the minExpectedAmount dynamically in the frontend or based on current market conditions.

  3. Validate Amount on Frontend:

    • Ensure the frontend calculates the expected return amount and enforces slippage limits before submitting the transaction.

  4. Code Fix Example:

    function _redeemPositionToken(
        uint256 _minExpectedAmount,
        ...
    ) internal returns (uint256) {
        uint256 _amountReturned = _redeemWTokenPrivate(...);
        // Ensure the amount returned meets or exceeds the minimum expected
        require(_amountReturned >= _minExpectedAmount, "Slippage exceeded");
        return _amountReturned;
    }

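The sketch below is an added example, not code from AaveDIVAWrapperCore, combining recommendations 1 and 2: the minimum is derived from a quoted amount and a tolerance in basis points, and the redemption reverts with a custom error when the returned collateral falls below it. The parameter list of `_redeemWTokenPrivate`, the abstract contract and the error names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Illustrative only: the real wrapper's function signatures are assumed here.
abstract contract SlippageProtectedRedeem {
    uint256 internal constant BPS_DENOMINATOR = 10_000;

    error SlippageExceeded(uint256 returned, uint256 minExpected);
    error InvalidSlippageBps(uint256 slippageBps);

    /// Stand-in for the wrapper's private redemption routine; parameters are assumed.
    function _redeemWTokenPrivate(address _positionToken, uint256 _amount, address _recipient)
        internal
        virtual
        returns (uint256 amountReturned);

    /// Recommendation 2: turn a quoted amount plus a tolerance in bps into a floor.
    /// Example: quoted 1_000e6 (USDC) with 50 bps (0.5%) tolerance -> floor of 995e6.
    function _minExpectedFromSlippage(uint256 _quotedAmount, uint256 _slippageBps)
        internal
        pure
        returns (uint256)
    {
        if (_slippageBps > BPS_DENOMINATOR) revert InvalidSlippageBps(_slippageBps);
        return _quotedAmount * (BPS_DENOMINATOR - _slippageBps) / BPS_DENOMINATOR;
    }

    /// Recommendation 1: redeem, then revert if the collateral actually received is
    /// below the caller-supplied floor, so a worse-than-quoted outcome cannot settle.
    function _redeemPositionToken(
        address _positionToken,
        uint256 _amount,
        address _recipient,
        uint256 _minExpectedAmount
    ) internal returns (uint256 amountReturned) {
        amountReturned = _redeemWTokenPrivate(_positionToken, _amount, _recipient);
        if (amountReturned < _minExpectedAmount) {
            revert SlippageExceeded(amountReturned, _minExpectedAmount);
        }
    }
}
```

A caller would compute `_minExpectedFromSlippage(quote, userBps)` off-chain or in the entry point and pass the result as `_minExpectedAmount`.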
Updates

Lead Judging Commences

bube Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
