HardhatDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Incorrect Collateral Withdrawal (Aave Liquidity Dependency)

Root Cause: Hard Dependency on Aave Liquidity

The AaveDIVAWrapper contract assumes that Aave V3 always has sufficient liquidity to process withdrawals. However, Aave liquidity fluctuates based on market conditions. If Aave's pool runs low on collateral (e.g., due to a mass withdrawal event), the _redeemWTokenPrivate function will revert, preventing users from redeeming their wTokens.

Key Issues:

1. Rigid Dependency on Aave’s Availability

The function directly calls IAave(_aaveV3Pool).withdraw(...) without handling liquidity shortages, leading to reverts.

2. No Alternative Redemption Mechanism

Users must wait for Aave’s liquidity to be replenished, causing temporary fund lockups during high-demand scenarios.

3. Increased Risk During Market Stress

If a major liquidity event occurs (e.g., bank run on Aave), users may experience prolonged lockups, exacerbating withdrawal panic.

By decoupling collateral redemption from Aave’s real-time liquidity (e.g., via a withdrawal queue or pro-rata mechanism), the protocol can mitigate these issues and improve overall user confidence during market volatility.

  • Exploit: During Aave liquidity shortages (e.g., mass withdrawals), users cannot redeem wTokens even with valid balances.

    function _redeemWTokenPrivate(...) {
        IAave(_aaveV3Pool).withdraw(_collateralToken, _wTokenAmount, ...); // Reverts if insufficient liquidity.
    }

  • Impact:

    • Funds temporarily stuck until Aave liquidity is restored.

    • Panic withdrawals could worsen liquidity crunches.

  • Exploitability:

    • Moderate. Requires market-wide stress (e.g., bank run on Aave).

Recommendation:

  • Implement a withdrawal queue or pro-rata redemption logic.
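
The recommendation above as a small Python accounting model (an added example, not code from the AaveDIVAWrapper contract or from the report's author). It contrasts the all-or-nothing redemption the report describes with a queue served either FIFO or pro rata; the class, method names and amounts are constructed for illustration.

```python
# Added example: toy accounting model, not AaveDIVAWrapper code. Integer base units.
from collections import deque

class InsufficientLiquidity(Exception):
    """Stands in for the revert of the pool withdrawal call."""

class WrapperModel:
    def __init__(self, pool_liquidity, balances):
        self.pool_liquidity = pool_liquidity  # collateral the pool can pay out now
        self.balances = dict(balances)        # user -> wToken balance
        self.queue = deque()                  # FIFO of [user, amount still owed]

    def _debit(self, user, amount):
        if not 0 < amount <= self.balances[user]:
            raise ValueError("amount must be positive and within the wToken balance")
        self.balances[user] -= amount

    def redeem_strict(self, user, amount):
        """All-or-nothing redemption, the behaviour the report describes."""
        if amount > self.pool_liquidity:
            raise InsufficientLiquidity(f"need {amount}, pool has {self.pool_liquidity}")
        self._debit(user, amount)
        self.pool_liquidity -= amount
        return amount

    def request(self, user, amount):
        """Queue variant: escrow the wTokens now, pay out as liquidity allows."""
        self._debit(user, amount)
        self.queue.append([user, amount])

    def process(self, pro_rata=False):
        """Pay open requests from available liquidity; returns {user: amount paid}."""
        total = sum(owed for _, owed in self.queue)
        left = budget = min(total, self.pool_liquidity)
        paid = {}
        for entry in self.queue:
            # Pro rata: proportional share (floored, so never over budget). FIFO: oldest first.
            part = entry[1] * budget // total if pro_rata else min(entry[1], left)
            entry[1] -= part
            left -= part
            if part:
                paid[entry[0]] = paid.get(entry[0], 0) + part
        self.pool_liquidity -= budget - left
        self.queue = deque(e for e in self.queue if e[1] > 0)
        return paid
```

In the model a shortfall leaves requests partially filled and still queued instead of failing the whole call, so a later `process()` pays the remainder once liquidity returns.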

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
