Aave DIVA Wrapper

Summary

This issue arises due to missing or insufficient access control mechanisms for functions that should only be callable by authorized parties. For example, functions such as _redeemPositionToken, _redeemWToken, _approveCollateralTokenForAave, and _claimYield on AaveDIVAWrapperCore.sol contract should likely be restricted to certain roles (such as the owner or an authorized manager) to prevent unauthorized users from performing potentially harmful actions.

Vulnerability Details

Several functions in the contract are designed to interact with external protocols and handle critical operations (such as redeeming tokens, transferring collateral, and interacting with Aave). However, these functions do not have access control mechanisms that would restrict who can call them.

For example:

• The function _redeemPositionToken on line 253 allows any caller to redeem position tokens, which could lead to unauthorized users extracting funds.

• Similarly, _claimYield on line 332 lets users claim yields, but there's no check to ensure only authorized accounts (e.g., the contract owner or an authorized address) can perform such actions.

In the absence of these access control checks, an attacker could call these functions and perform actions on behalf of the contract that could result in unauthorized token transfers, or worse, drain funds from the contract.

Impact

The potential consequences of this issue are severe:

1. Funds at Risk: Unauthorized users could redeem position tokens or claim yields without proper authorization.

2. Loss of Control: Critical functions like collateral approval or withdrawal could be called by anyone, compromising the integrity and control over the protocol's assets.

3. Financial Loss: If an attacker gains access to such functions, they could exploit these to drain assets or cause financial damage to users and the protocol.

Recommended Mitigation:

To mitigate this issue, we recommend implementing proper access control using roles such as onlyOwner, onlyManager, or another predefined role that is able to execute sensitive functions. OpenZeppelin's Ownable contract provides a robust implementation for this, but you can also implement custom role-based access control using AccessControl if more granularity is needed.

For example:

• Use the onlyOwner modifier for functions like _redeemPositionToken, _redeemWToken, and _approveCollateralTokenForAave.

• Use custom roles for functions like _claimYield, potentially involving only specific addresses or a list of authorized users.

Implementation Example:

This example adds the onlyOwner modifier to restrict access to these functions, ensuring that only the contract owner (or an authorized role) can call them.

Proof of Concept (PoC) for Missing Access Control on Key Functions

Actors:

• Attacker: An unauthorized user attempting to exploit the function.

• Victim: The contract owner, users interacting with the contract, or the protocol.

• Protocol: The AaveDIVAWrapperCore contract and its interactions with Aave and the DIVA protocol.

Working Test Case

Line-by-Line Comments:

• contract Attacker: Declares a new contract to simulate an attacker trying to exploit the missing access control.

• AaveDIVAWrapperCore public target: Declares the target contract that the attacker is attempting to exploit.

• constructor(address _target): The constructor initializes the target contract.

• function attack(): Defines the attack function, which attempts to call the _redeemPositionToken function on the target contract.

• target._redeemPositionToken(...): The attacker calls the function that should be restricted but isn’t, thus trying to exploit the vulnerability.

Exploit Scenario:

• Initial State: The contract is deployed, and no access control is enforced for sensitive functions.

• Step 1: The attacker deploys their malicious contract, targeting the AaveDIVAWrapperCore contract.

• Step 2: The attacker calls the attack function in their contract, which internally tries to call _redeemPositionToken to redeem position tokens without any restriction.

• Outcome: Since the contract doesn't have proper access control, the function is executed, allowing the attacker to exploit the vulnerability.

• Implications: The attacker could perform unauthorized actions, including draining tokens, interacting with the DIVA protocol, or claiming yields, leading to potential financial loss or protocol damage.

Impact of the Vulnerability:

• Funds at Risk: Unauthorized users can exploit key functions without restriction, allowing them to potentially drain funds or perform unwanted actions.

• Loss of Protocol Integrity: The protocol's security and the owners' control over the contract could be compromised.

• Financial Damage: Malicious actors could drain funds from the protocol, leading to financial loss.

Tools Used

• Static analysis tools (Slither)

• Manual inspection of the contract code

Recommendations

• Implement access control mechanisms using onlyOwner or AccessControl to restrict access to sensitive functions.

• Ensure that only authorized parties can interact with crucial contract operations.