Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Potential Denial of Service in Batch Operations Due to Lack of Size Limits in AaveDIVAWrapper.sol

nomadic_bear

Summary

The AaveDIVAWrapper contract implements batch operations for multiple actions (createContingentPool, addLiquidity, etc.) without imposing limits on array sizes. This could lead to a denial of service where transactions consistently fail due to gas limits, especially if the batch size is too large.

Vulnerability Details

// AaveDIVAWrapper.sol lines 114-125

function batchCreateContingentPool(

PoolParams[] calldata _poolParams

) external override nonReentrant returns (bytes32[] memory) {

uint256 _length = _poolParams.length;

bytes32[] memory _poolIds = new bytes32[]();

for (uint256 i = 0; i < _length; i++) {

_poolIds[i] = _createContingentPool(_poolParams[i]);

}

return _poolIds;

}

Similar patterns exist in:

batchAddLiquidity()
batchRemoveLiquidity()
batchRedeemPositionToken()
batchRedeemWToken()
batchClaimYield()
batchApproveCollateralTokenForAave()

Each iteration in these loops:

Makes external calls to other contracts
Updates state variables
Performs complex operations
Can have significant gas costs

Impact

Users could create transactions that will consistently fail by submitting arrays that are too large.

The entire batch operation fails if even a single operation reverts, potentially blocking legitimate operations.

High gas costs could make batch operations impractical for large arrays.

Could lead to degraded user experience if transactions consistently fail due to gas limits.

Tools Used

Manual review

Slither static analyzer

Aderyn static analyzer

Recommendations

1 Implement a maximum array size limit for batch operations:

uint256 private constant MAX_BATCH_SIZE = 50; // Adjust based on gas analysis

function batchCreateContingentPool(

PoolParams[] calldata _poolParams

) external override nonReentrant returns (bytes32[] memory) {

require(_poolParams.length <= MAX_BATCH_SIZE, "Batch size exceeds limit");

// ... rest of the function

}

2 Consider implementing partial success functionality where failed operations don't cause the entire batch to revert.

3 Add events for batch operations to track successes and failures:

event BatchOperationProcessed(

uint256 indexed successCount,

uint256 totalCount,

string operationType

);

Updates

Lead Judging Commences

bube Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Appeal created

nomadic_bear Submitter

7 months ago

bube Lead Judge

7 months ago

nomadic_bear Submitter

7 months ago

bube Lead Judge

7 months ago

bube Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.