Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Make refferal code configurable

ChainDefenders

Summary

The current implementation of the Aave integration includes a hardcoded referralCode parameter set to 0 in the IAave(_aaveV3Pool).supply() function. Referral supply is currently inactive, and the parameter does not impact functionality. However, this program may be activated in the future through an Aave governance proposal, requiring this parameter to be configurable.

Vulnerability Details

Hardcoded Referral Code:

The referral code is hardcoded to 0 in the current implementation.
If the referral program is activated through governance, the contract will need updates to support dynamic referral codes, potentially requiring a redeployment or additional governance actions. Currently the contract is not upgradeable.

Impact

Missed Opportunities:
- The inability to configure the referral code dynamically may result in missed opportunities to utilize referral programs and generate additional benefits.

Tools Used

Manual code review.

Recommendations

Make Referral Code Configurable: Add a parameter for referralCode that can be set by the contract owner or governance.
Default to 0: Use 0 by default if referral supply is inactive.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.