The _getAccruedYieldPrivate function contains flawed logic that improperly handles the case where aToken balances exactly match wToken supply, potentially obscuring protocol health indicators and creating accounting inaccuracies.
Affected Function:
Issue Analysis
While the current implementation correctly returns 0 when aTokenBalance <= wTokenSupply, this fails to account for critical protocol states:
Perfect Balance Edge Case
When aTokenBalance == wTokenSupply, this indicates one of the following:
Instantaneous equality after deposit/withdrawal
Protocol insolvency (aTokens < wTokens) masked by rounding
Potential manipulation via precision loss attacks
Silent Error Masking
Returns identical values (0) for both:
Healthy state with aTokenBalance == wTokenSupply (temporary)
Dangerous state with aTokenBalance < wTokenSupply (protocol insolvency)
Obscures protocol solvency status
Enables undetected accounting discrepancies
May lead to false yield claims during transient balance states
Creates risk surface for precision-based manipulation attacks
Manual code analysis
Mathematical edge case evaluation
Aave protocol interaction patterns review
Explicit State Handling
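One way to make the three backing states explicit, as an added sketch that is not the audited project's code. Only aTokenBalance and wTokenSupply come from the finding; the contract, interface, enum, error and function names are hypothetical, and a 1:1 aToken-to-wToken backing is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. All names except aTokenBalance / wTokenSupply are hypothetical.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function totalSupply() external view returns (uint256);
}

contract YieldAccountingSketch {
    // Surplus: yield exists. Balanced: exactly backed. Deficit: under-backed.
    enum Backing { Surplus, Balanced, Deficit }

    IERC20Minimal public immutable aToken; // assumed: aToken held by this wrapper
    IERC20Minimal public immutable wToken; // assumed: wrapper token issued 1:1

    error Undercollateralized(uint256 aTokenBalance, uint256 wTokenSupply);

    constructor(IERC20Minimal aToken_, IERC20Minimal wToken_) {
        aToken = aToken_;
        wToken = wToken_;
    }

    /// Returns the state together with the amount, so a zero yield and a
    /// shortfall can no longer be confused by callers or monitors.
    function backingState() public view returns (Backing state, uint256 amount) {
        uint256 aTokenBalance = aToken.balanceOf(address(this));
        uint256 wTokenSupply = wToken.totalSupply();
        if (aTokenBalance > wTokenSupply) {
            return (Backing.Surplus, aTokenBalance - wTokenSupply);
        }
        if (aTokenBalance == wTokenSupply) {
            return (Backing.Balanced, 0);
        }
        return (Backing.Deficit, wTokenSupply - aTokenBalance);
    }

    /// Yield getter that reverts instead of reporting 0 when under-backed.
    function _getAccruedYieldChecked() internal view returns (uint256) {
        (Backing state, uint256 amount) = backingState();
        if (state == Backing.Deficit) {
            revert Undercollateralized(aToken.balanceOf(address(this)), wToken.totalSupply());
        }
        return amount; // 0 when Balanced, the surplus when Surplus
    }
}
```

Reverting on a deficit is one policy choice; if yield reads must never revert, callers can use backingState() directly and treat Deficit as an alert condition for off-chain monitoring.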