HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Lack of proper accounting for yield distribution will result in donation recipients (farmers) not getting fair increased distribution payouts, or getting 0 increased distribution payouts.

Summary

Users who use AaveDivaWrapper through Diva Donate for donation purposes, in the hope of increasing the donation payout, will not get the increased payout.

Vulnerability Details

```solidity
function _getAccruedYieldPrivate(
    address _collateralToken
) private view returns (uint256) {
    uint256 aTokenBalance = IERC20Metadata(
        IAave(_aaveV3Pool).getReserveData(_collateralToken).aTokenAddress
    ).balanceOf(address(this));
    uint256 wTokenSupply = IERC20Metadata(
        _collateralTokenToWToken[_collateralToken]
    ).totalSupply();
    // Handle case where the aToken balance might be smaller than the wToken supply (e.g., due to rounding).
    // In that case, the owner should just wait until yield accrues.
    return aTokenBalance > wTokenSupply ? aTokenBalance - wTokenSupply : 0;
}
```

When the owner claims yield, it clears the yield of contingent pools with the same collateral token. Without proper accounting and a mechanism for fair yield sharing, it is impossible to know exactly how much recipients are entitled to, which should depend on how much was deposited as collateral into the contingent pool. If the owner decides to guess who gets what, the result is unfair: recipients whose donors didn't deposit as much as those of other recipients, who are much more deserving of a high increased donation payout, will get high amounts of increased donation payouts.

Impact

Because there is no mechanism for fair allocation of yields to donation recipients, owners might decide not to distribute at all, which removes one of the appealing features of the AaveDivaWrapper contracts. Users might feel it is a redundant path to participating in the network, as there is no additional benefit.

Tools Used

Recommendations

  • Consider creating a mechanism of fair distribution of accrued yields.
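One way such accounting could work, modelled in Python as an added example (not code from the submission or from AaveDivaWrapper): a cumulative yield-per-wToken index attributes the aggregate figure from `_getAccruedYieldPrivate` to individual pools. It goes beyond deposit size by also accounting for deposit timing; `YieldLedger`, its fields and the pool names are hypothetical, and the numbers are constructed.

```python
PRECISION = 10**18  # fixed-point scale, as Solidity integer math would need

class YieldLedger:
    """Hypothetical per-pool yield ledger for one collateral token."""

    def __init__(self):
        self.a_token_balance = 0  # stands in for aToken.balanceOf(wrapper)
        self.w_token_supply = 0   # stands in for wToken.totalSupply()
        self.acc_per_share = 0    # cumulative yield per wToken, scaled
        self.accounted = 0        # yield already folded into acc_per_share
        self.shares, self.debt = {}, {}  # per-pool collateral / yield offset

    def accrued_yield(self):
        # Same aggregate figure _getAccruedYieldPrivate returns.
        return max(self.a_token_balance - self.w_token_supply, 0)

    def _sync(self):
        # Spread yield earned since the last sync over the supply that earned it.
        new = self.accrued_yield() - self.accounted
        if new > 0 and self.w_token_supply > 0:
            self.acc_per_share += new * PRECISION // self.w_token_supply
            self.accounted += new

    def deposit(self, pool, amount):
        self._sync()
        self.a_token_balance += amount
        self.w_token_supply += amount
        self.shares[pool] = self.shares.get(pool, 0) + amount
        # Offset so the pool earns nothing for yield accrued before it joined.
        self.debt[pool] = self.debt.get(pool, 0) + amount * self.acc_per_share // PRECISION

    def accrue(self, amount):
        self.a_token_balance += amount  # interest grows aTokens, not wTokens

    def entitlement(self, pool):
        self._sync()
        return self.shares[pool] * self.acc_per_share // PRECISION - self.debt[pool]

def scenario():
    # Constructed numbers: pool A is alone for the first 100 of yield.
    ledger = YieldLedger()
    ledger.deposit("A", 1_000)
    ledger.accrue(100)
    ledger.deposit("B", 9_000)
    ledger.accrue(100)
    total = ledger.accrued_yield()
    by_index = {p: ledger.entitlement(p) for p in ("A", "B")}
    # Splitting the aggregate by deposit size at claim time ignores timing.
    by_size = {p: total * ledger.shares[p] // ledger.w_token_supply for p in ("A", "B")}
    return total, by_index, by_size
```

Both splits sum to the same aggregate yield; only the index-based one reflects that pool A earned the first 100 alone.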

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
