HardhatDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Wrong Implementation of `transferFrom` in `_redeemLiquidity` and `_redeemPositionToken`

## Summary

`_redeemLiquidity` and `_redeemPositionToken` call `transferFrom()` on DIVA position tokens without validating the boolean return value.

Tokens that return `false` on failure instead of reverting can therefore bypass critical transfer logic, which could potentially allow malicious users to steal funds.

## Vulnerability Details

https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L198-L309

Both `_redeemLiquidity` and `_redeemPositionToken` call `transferFrom()` on the DIVA position tokens and ignore the boolean it returns, so the current implementation assumes the transfer always succeeds.

For a token that returns `false` on failure (for example because of insufficient balance or allowance) instead of reverting, these functions continue executing as if the transfer had succeeded. An attacker could use this to exploit the contract without actually transferring any tokens to it.
## Impact
- Malicious users can withdraw liquidity without transferring tokens.
- Loss of contract funds.
- Malicious users could take position tokens they do not own, draining the protocol.
## Tools Used
Manual Review
## Recommendations
- Check the boolean return value of `transferFrom()` manually and revert when it is `false`.
- Use OpenZeppelin's `SafeERC20.safeTransferFrom`, which reverts on failure.
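The following is an added illustration of the pattern described above, not code from the DIVA repository. `FalseReturningToken` is a constructed mock of a token that signals failure with `false` instead of reverting, and `RedeemExample` is a hypothetical vault whose `redeemUnchecked` mirrors the unchecked `transferFrom()` pattern, shown next to the two recommended fixes. It assumes OpenZeppelin Contracts (v4 or v5) is installed at the usual import path.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Constructed mock (not a real token): returns false on failure instead of
/// reverting. Only the pieces needed for the demonstration are implemented.
contract FalseReturningToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        // Failure is reported through the return value, not through revert().
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            return false;
        }
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

/// Hypothetical vault used only to illustrate the finding; not the DIVA
/// project's code. `redeemed` stands in for whatever value the real
/// contract pays out after pulling in the position tokens.
contract RedeemExample {
    using SafeERC20 for IERC20;

    IERC20 public immutable positionToken;
    mapping(address => uint256) public redeemed;

    constructor(IERC20 _positionToken) {
        positionToken = _positionToken;
    }

    /// VULNERABLE: the boolean is discarded. Against FalseReturningToken the
    /// call returns false, no tokens move, and `redeemed` is still credited.
    function redeemUnchecked(uint256 amount) external {
        positionToken.transferFrom(msg.sender, address(this), amount);
        redeemed[msg.sender] += amount;
    }

    /// FIX A: check the return value explicitly and revert on false.
    function redeemWithCheck(uint256 amount) external {
        bool ok = positionToken.transferFrom(msg.sender, address(this), amount);
        require(ok, "transferFrom returned false");
        redeemed[msg.sender] += amount;
    }

    /// FIX B: SafeERC20 reverts when the token returns false and also copes
    /// with non-standard tokens that return no value at all.
    function redeemSafe(uint256 amount) external {
        positionToken.safeTransferFrom(msg.sender, address(this), amount);
        redeemed[msg.sender] += amount;
    }
}
```

To reproduce the behaviour in a local Hardhat or Foundry test: deploy `FalseReturningToken`, deploy `RedeemExample` pointing at it, and from an account with no balance and no approval call `redeemUnchecked(100)`. The call succeeds and `redeemed` reads 100 while the token balances are unchanged. The same call to `redeemWithCheck` or `redeemSafe` reverts, which is the property the recommendation is asking for.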
Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
