HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Race Condition Vulnerability in Pool State Validation Before Aave Supply

Summary
The _handleTokenOperations function transfers the collateral tokens from the caller to the contract and then supplies them to Aave. Between the point where the collateral token is validated and transferred and the point where it is handed to Aave's supply function there is a window during which, in principle, the pool's status could be changed by an attacker (the pool deactivated, altered, or its conditions modified). Note that both steps run inside one transaction, so the status can only change if control leaves the contract during that window, for example via an external call into a collateral token that has transfer hooks.

The contract does not re-verify that the pool is still active immediately before the tokens are supplied to Aave. If the pool state were altered in that window, the contract would proceed with a supply that no longer matches the conditions checked earlier.

Vulnerability Details
https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L423

The point of concern is the distance between the validation of the collateral token and its use in Aave's supply function at the linked line. If the pool's state could be altered between those two points, tokens would be supplied to Aave under conditions that no longer hold, for example with collateral the pool no longer accepts or for a pool that no longer meets its own conditions.

Impact

  • Potential loss of funds: if the pool is deactivated or altered before the collateral is supplied, the transaction proceeds on assumptions that no longer hold, potentially causing loss of the supplied tokens.
  • Security risk: the gap between validation and supply is a window a malicious actor could try to use to manipulate the contract's operations.

Tools Used
Manual review

Recommendations
Re-check the pool's state immediately before the supply to Aave, i.e. after the collateral transfer, rather than relying only on the check performed before the transfer. One way is a flag such as isPoolActive, maintained by whatever code path activates or deactivates a pool, and required to be true before any token operation continues. Pair it with a reentrancy guard on the deposit path: the second check only adds anything if an external call between the transfer and the supply can hand control to another contract, and the guard closes that path for the wrapper's own entry points.

// ... collateral already transferred from the caller to this contract ...
// Re-check that the pool is still active immediately before the Aave supply
require(isPoolActive, "Pool is no longer active");
// Proceed with the supply to Aave
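
The re-validation described above, as an added illustration that is not the DIVA wrapper's own code: a minimal wrapper with a hypothetical per-collateral isPoolActive flag, re-checked after the collateral transfer and immediately before the Aave v3 supply call, plus a reentrancy lock on the deposit path. The contract name, the isPoolActive mapping, setPoolActive, deposit, the custom errors and the simplified ERC-20 handling are assumptions made for this example; only the Aave v3 IPool.supply signature is the real interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the DIVA wrapper's code. Everything except the
// Aave v3 IPool.supply signature is a hypothetical name chosen for this example.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Aave v3 Pool interface, reduced to the one call the example uses.
interface IPool {
    function supply(address asset, uint256 amount, address onBehalfOf, uint16 referralCode) external;
}

contract PoolStatusGuardedWrapper {
    IPool public immutable aavePool;
    address public immutable owner;

    // Hypothetical per-collateral flag standing in for the report's `isPoolActive`.
    mapping(address => bool) public isPoolActive;

    // Minimal reentrancy lock: 1 = free, 2 = entered.
    uint256 private _locked = 1;

    error NotOwner();
    error PoolInactive(address collateralToken);
    error Reentrancy();
    error TransferFailed();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    modifier nonReentrant() {
        if (_locked == 2) revert Reentrancy();
        _locked = 2;
        _;
        _locked = 1;
    }

    constructor(IPool _aavePool) {
        aavePool = _aavePool;
        owner = msg.sender;
    }

    // The only code path that may flip the flag. Whatever deactivates a pool in a
    // real deployment must go through here, otherwise the re-check below is blind.
    function setPoolActive(address collateralToken, bool active) external onlyOwner {
        isPoolActive[collateralToken] = active;
    }

    function deposit(address collateralToken, uint256 amount) external nonReentrant {
        _handleTokenOperations(collateralToken, amount);
    }

    function _handleTokenOperations(address collateralToken, uint256 amount) internal {
        // Check 1: validate the pool before pulling any funds from the caller.
        if (!isPoolActive[collateralToken]) revert PoolInactive(collateralToken);

        // External call: a token with transfer hooks could hand control to another
        // contract here. This is the only place in the sequence where state could
        // change before the supply; nonReentrant on deposit() blocks re-entry into
        // this path from such a hook.
        if (!IERC20(collateralToken).transferFrom(msg.sender, address(this), amount)) {
            revert TransferFailed();
        }

        // Check 2: the re-check the report recommends, placed immediately before
        // the supply. No external call sits between here and supply(), so nothing
        // else can run in between; this can only fail if the transferFrom above
        // led to the flag being changed.
        if (!isPoolActive[collateralToken]) revert PoolInactive(collateralToken);

        // Simplified approval; production code would use SafeERC20 to cope with
        // non-standard tokens that do not return a bool.
        if (!IERC20(collateralToken).approve(address(aavePool), amount)) {
            revert TransferFailed();
        }
        aavePool.supply(collateralToken, amount, address(this), 0);
    }
}
```

Deploy with the Aave v3 Pool address, call setPoolActive(token, true), have the user approve the wrapper, then call deposit(token, amount). The second check is belt-and-braces: in a sequence where transferFrom is the only external call before supply(), it can only fail if control leaves the contract during that call and the callee reaches setPoolActive, and the lock already denies that callee re-entry into deposit().
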

Updates

Lead Judging Commences

bube Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity