HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

type(uint256).max approval causes revert in certain tokens

Summary

The protocol attempts to approve type(uint256).max for collateral tokens, but since tokens like UNI enforce a 96-bit limit on approvals, this call will always revert, preventing tokens like UNI from being registered as collateral tokens even though they are supported by Aave.

Vulnerability Details

The protocol states in the README that supported collateral tokens are:

Any ERC20 token supported by Aave V3, but mainly stablecoins like USDC, USDT are expected to be used for DIVA Donate.

UNI is a token supported by Aave. When UNI.approve() is called, UNI reverts if the approval amount is 2^96 or larger. Here's the code from the UNI contract on Ethereum:

    function approve(address spender, uint rawAmount) external returns (bool) {
        uint96 amount;
        if (rawAmount == uint(-1)) {
            amount = uint96(-1);
        } else {
@>          amount = safe96(rawAmount, "Uni::approve: amount exceeds 96 bits");
        }
        allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function safe96(uint n, string memory errorMessage) internal pure returns (uint96) {
@>      require(n < 2**96, errorMessage);
        return uint96(n);
    }

https://etherscan.io/address/0x1f9840a85d5af5bf1d1762f925bdaddc4201f984#code

In AaveDIVAWrapperCore::_registerCollateralToken, type(uint256).max is passed as the approval amount for the collateral token, which will always revert when trying to register UNI as a collateral token:

    function _registerCollateralToken(address _collateralToken) internal returns (address) {
        ...
@>      _collateralTokenContract.approve(_aaveV3Pool, type(uint256).max);
        ...
    }

Impact

Tokens like UNI that are Aave supported aren't compatible with the protocol.

Tools Used

Manual review

Recommendations

If you really want to support all tokens Aave supports, use uint96 - 1 and then update the increase-allowance functions to increase to uint96 - 1.

Updates

Lead Judging Commences

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
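
The approve() and safe96() logic quoted in the submission, modelled in Python and run over boundary values of rawAmount. This is an added example, not part of the submission or of the UNI contract; the owner and spender labels and the sample amounts are constructed.

```python
# Python model of the UNI approve()/safe96() logic quoted above (added example).
UINT256_MAX = 2**256 - 1   # Solidity 0.5 uint(-1), same value as type(uint256).max
UINT96_MAX = 2**96 - 1     # uint96(-1)


class Revert(Exception):
    """Stands in for a failed require()."""


def safe96(n: int, error_message: str) -> int:
    if not n < 2**96:
        raise Revert(error_message)
    return n


class UniModel:
    def __init__(self):
        self.allowances = {}  # (owner, spender) -> uint96 allowance

    def approve(self, owner: str, spender: str, raw_amount: int) -> bool:
        if not 0 <= raw_amount <= UINT256_MAX:
            raise ValueError("not a uint256")
        if raw_amount == UINT256_MAX:
            amount = UINT96_MAX  # sentinel branch: safe96 is not called
        else:
            amount = safe96(raw_amount, "Uni::approve: amount exceeds 96 bits")
        self.allowances[(owner, spender)] = amount
        return True


def approve_outcome(raw_amount: int):
    """Return ('ok', stored_allowance) or ('revert', reason) for one approve call."""
    token = UniModel()
    try:
        token.approve("wrapper", "aavePool", raw_amount)  # hypothetical labels
    except Revert as exc:
        return ("revert", str(exc))
    return ("ok", token.allowances[("wrapper", "aavePool")])


# Constructed boundary inputs around the 96-bit limit and the uint256 maximum.
CASES = {
    "2**96 - 1": UINT96_MAX,
    "2**96": 2**96,
    "2**256 - 2": UINT256_MAX - 1,
    "type(uint256).max": UINT256_MAX,
}

if __name__ == "__main__":
    for label, value in CASES.items():
        print(f"{label:>18} -> {approve_outcome(value)}")
```

In this model only amounts from 2**96 up to 2**256 - 2 reach the safe96 revert; type(uint256).max takes the first branch and is stored as 2**96 - 1.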