Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Delayed Settlement Allows Manipulative Liquidity Withdrawal Before Outcome Finalization

daniel526

The removeLiquidity function in the DIVA protocol allows users to withdraw collateral by returning both long and short tokens. However, the protocol does not enforce an immediate lockup after an outcome is submitted but before it is finalized. This creates a time window where a user can observe the reported outcome and, if unfavorable, withdraw liquidity before finalization. This effectively allows liquidity providers to escape losses, leaving only remaining participants (who didn’t withdraw) to bear the risk.

Code Reference:

function _removeLiquidity(

bytes32 _poolId,

uint256 _positionTokenAmount,

address _recipient

) internal returns (uint256) {

// Query pool parameters to obtain the collateral token as well as the

// short and long token addresses.

IDIVA.Pool memory _pool = IDIVA(_diva).getPoolParameters(_poolId);

// Early check that the pool's collateral token is associated with a registered collateral token.

// This ensures an immediate and graceful revert.

if (_wTokenToCollateralToken[_pool.collateralToken] == address(0)) {

revert CollateralTokenNotRegistered();

}

...

An attacker can wait until the oracle submits an unfavorable outcome (e.g., long tokens are about to lose value), then remove liquidity before finalization, avoiding loss while still paying only a 0.3% fee.

Impact:

Users who do not actively monitor or withdraw liquidity are unfairly disadvantaged. This undermines the integrity of the protocol, allowing sophisticated users to game the system while regular users bear disproportionate risks.

Mitigation:

Introduce a lockup period where liquidity cannot be removed once an outcome is submitted but not yet finalized, ensuring fair risk distribution.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.