Summary

The _addLiquidity function in the AaveDIVAWrapper contract does not validate the _collateralAmount parameter before proceeding with operations. This oversight can lead to unnecessary execution when the collateral amount is zero, resulting in wasted gas and potential confusion for users.

Vulnerability Details

The function accepts several parameters that are crucial for its operation:

• _collateralAmount: The amount of collateral to be added. If this value is zero or negative, it could lead to invalid operations or unintended consequences.

Without proper validation, the function may proceed with invalid inputs, leading to:

• Unexpected Behavior: The contract may behave incorrectly if invalid parameters are used.

• Loss of Funds: Tokens could be sent to unintended addresses, resulting in financial loss for users.

Impact

The lack of parameter validation can lead to indirect risks to user funds and disrupt the protocol's functionality. While funds may not be at immediate risk, incorrect operations could cause significant issues in liquidity management and user experience.

Tools Used

Hardhat

Recommendations

Ensure that _collateralAmount is greater than zero before proceeding with operations.