Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incorrect Yield Calculation Due to Aave Interest Accrual

cipherhawk

Summary

The _getAccruedYieldPrivate function incorrectly calculates yield by relying on aTokenBalance, which does not automatically reflect accrued interest unless an interaction occurs (e.g., supply, withdraw). Since Aave accrues interest continuously, but aTokenBalance updates only when a state-changing transaction occurs, yield may be underestimated, leading to users losing earned yield over time.

Vulnerable Code

function _getAccruedYieldPrivate(...) private view returns (uint256) {
uint256 aTokenBalance = IERC20Metadata(IAave(_aaveV3Pool).getReserveData(_collateralToken).aTokenAddress)
.balanceOf(address(this));
uint256 wTokenSupply = IERC20Metadata(_collateralTokenToWToken[_collateralToken]).totalSupply();
return aTokenBalance > wTokenSupply ? aTokenBalance - wTokenSupply : 0;
}

Root Cause

  1. Aave’s aToken Balance Does Not Automatically Reflect Accrued Interest

    • Aave accrues interest continuously based on lending pool activity.

    • However, aTokenBalance only updates when a state-changing function is called (e.g., supply, withdraw).

    • If no interactions occur for an extended period, the function underestimates the actual accrued yield.

  2. Users Will Lose Earned Yield Until a State-Changing Interaction Occurs

    • If no supply() or withdraw() calls are made, the yield remains unaccounted for.

    • This means users claiming yield may receive less than what they should.

Attack Scenario: Yield Leakage Over Time

Scenario 1: Long-Term Yield Underestimation

  1. A user deposits collateral into Aave via the protocol.

  2. The protocol earns yield over several months due to Aave’s interest accrual.

  3. The user attempts to claim yield using _getAccruedYieldPrivate().

  4. Issue: Since no supply() or withdraw() occurred recently, aTokenBalance does not reflect the latest interest accrued.

  5. Result: The user receives less yield than they should have earned.

Outcome:

  • Users are financially impacted, losing legitimate earnings.

  • The protocol appears unreliable, as users will notice discrepancies in expected yield.

Scenario 2: Exploitation via Controlled Yield Refresh

  1. An attacker observes that yield is being underreported.

  2. They wait until substantial yield has accumulated unclaimed.

  3. The attacker triggers a small supply() or withdraw() transaction, forcing Aave to update aTokenBalance.

  4. The attacker immediately claims the updated yield, getting more than expected before legitimate users claim.

Outcome:

  • Malicious users claim more yield at the expense of others.

  • Legitimate users unknowingly lose their rightful yield due to stale balance tracking.

Proof of Concept (PoC)

The following PoC demonstrates how an attacker could refresh aTokenBalance and claim extra yield before regular users.

Step 1: Observe Stale Yield Calculation

uint256 reportedYieldBefore = _getAccruedYieldPrivate(collateralToken);
console.log("Reported Yield Before Refresh:", reportedYieldBefore);

Expected output:

Reported Yield Before Refresh: 100 USDC // Incorrectly low due to stale balance

Step 2: Force Balance Update by Calling supply()

IERC20(collateralToken).approve(aavePool, 1); // Smallest possible deposit
IAave(aavePool).supply(collateralToken, 1, address(this), 0);

This forces Aave to update aTokenBalance with accrued interest.

Step 3: Recheck Yield Calculation

uint256 reportedYieldAfter = _getAccruedYieldPrivate(collateralToken);
console.log("Reported Yield After Refresh:", reportedYieldAfter);

Expected output:

Reported Yield After Refresh: 150 USDC // Corrected after Aave balance update

Step 4: Immediately Claim Yield

protocol.claimYield(collateralToken);

Attacker claims extra yield before regular users update their calculations.

**Impact **

🔴 Severity: Medium-High

  • Likelihood: ✅ High (Occurs naturally in the protocol)

  • Impact: ✅ High (Users lose legitimate yield)

Financial Consequences

Users lose out on accrued yield due to delayed balance updates.
Attacker can claim extra yield at the expense of regular users.
Protocol appears unreliable, affecting user trust.

Mitigation Strategies

Fix 1: Use Aave’s scaledBalanceOf and Liquidity Index

Instead of using aTokenBalance, use Aave’s liquidity index to factor in accrued interest dynamically.

Updated Code

function _getAccruedYieldPrivate(address _collateralToken) private view returns (uint256) {
IAave.ReserveData memory reserveData = IAave(_aaveV3Pool).getReserveData(_collateralToken);
uint256 scaledBalance = IERC20Metadata(reserveData.aTokenAddress).balanceOf(address(this));
uint256 liquidityIndex = reserveData.liquidityIndex; // Tracks interest accrual
uint256 aTokenBalanceWithInterest = (scaledBalance * liquidityIndex) / 1e27;
uint256 wTokenSupply = IERC20Metadata(_collateralTokenToWToken[_collateralToken]).totalSupply();
return aTokenBalanceWithInterest > wTokenSupply ? aTokenBalanceWithInterest - wTokenSupply : 0;
}

Accounts for accrued interest in real-time.
Ensures yield is always accurate.

Fix 2: Require Regular Balance Updates

Periodically refresh the Aave aToken balance by triggering supply() or withdraw().

Implementation

function refreshYieldTracking(address _collateralToken) external onlyOwner {
IERC20Metadata(_collateralToken).approve(_aaveV3Pool, 1);
IAave(_aaveV3Pool).supply(_collateralToken, 1, address(this), 0);
}

Ensures balance remains up-to-date.
Prevents yield underreporting.

Fix 3: User-Triggered Yield Update

Allow users to force a balance update before claiming yield.

Implementation

function claimYield(address _collateralToken) external nonReentrant {
// Trigger Aave interaction to update aToken balance
IERC20Metadata(_collateralToken).approve(_aaveV3Pool, 1);
IAave(_aaveV3Pool).supply(_collateralToken, 1, address(this), 0);
uint256 yield = _getAccruedYieldPrivate(_collateralToken);
require(yield > 0, "No yield available");
// Transfer yield
IERC20Metadata(_collateralToken).transfer(msg.sender, yield);
}

Ensures users always claim accurate yield.
Prevents front-running yield refresh exploits.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.