Submission Details
Severity:
Unlimited Token Approvals
Description: The AaveDIVAWrapperCore contract sets unlimited approvals for both DIVA protocol and Aave without any way to revoke or limit them.
_wTokenContract.approve(_diva, type(uint256).max);
_collateralTokenContract.approve(_aaveV3Pool, type(uint256).max);
Impact:
If either protocol is compromised, all funds at risk
No granular control over approvals
Increased attack surface
Recommended Mitigation:
Implement approval limits
Add ability to revoke approvals
Consider per-transaction approvals
Prize pool breakdown
Total prize
15,000 USDC
nSLOC
51929 USDC / LOC
14,000
1,000
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.