Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Unused Event PoolIssued in IDIVA.sol

koinerdegen

Summary

The IDIVA.sol contract includes an event declaration for PoolIssued that is unused throughout the codebase. Instead of using the declared event, another PoolIssued event is declared in the IAaveDIVAWrapper.sol contract, which creates redundancy and increases the risk of confusion or inconsistencies during integration or debugging.

Vulnerability Details

Type: Redundancy and Unused Code

Location: IDIVA.sol, Line (exact line will depend on the file version provided):

@> event PoolIssued(
bytes32 indexed poolId,
address indexed longRecipient,
address indexed shortRecipient,
uint256 collateralAmount,
address permissionedERC721Token
);
Issue: The PoolIssued event defined in IDIVA.sol is never emitted or used in the contract. Instead, the IAaveDIVAWrapper.sol file redefines and uses a simplified version of the PoolIssued event:

event PoolIssued(bytes32 indexed poolId);
Problem:
- Including unused events in the code adds unnecessary complexity.
- It may lead to confusion for developers, auditors, or integrators, as they might assume that the PoolIssuedevent in IDIVA.sol is active and relevant.
- It could increase gas costs slightly if compiled and deployed as part of the bytecode.

Impact

This issue has a Low severity, as it does not directly affect the functionality, security, or correctness of the contract. However, it introduces technical debt and can complicate future maintenance and debugging efforts.

Tools Used

The following tools were utilized to identify and analyze the issue:

Static Code Review: Manual inspection of the code.
Solidity Compiler (v0.8.26): Verified event declarations and potential usage in bytecode.

Recommendations

Remove the unused event declaration in IDIVA.sol:

// Remove this event declaration from `IDIVA.sol`
- event PoolIssued(
- bytes32 indexed poolId,
- address indexed longRecipient,
- address indexed shortRecipient,
- uint256 collateralAmount,
- address permissionedERC721Token
- );
Standardize the event definition: Ensure that all contracts interacting with the IDIVA interface use a single, consistent declaration of the PoolIssued event. For instance, if the simpler version from IAaveDIVAWrapper.solis preferred, adopt it across the codebase:

event PoolIssued(bytes32 indexed poolId);
Document Changes: Clearly document the reason for removing the unused event and the adoption of the standardized event in your repository or change log.
Audit Related Contracts: Check if other contracts in the codebase also declare similar unused or redundant events and follow the same cleanup process.

Updates

Lead Judging Commences

bube Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.