HardhatDeFi
15,000 USDC
Submission Details
Severity: high
Invalid

User can lose potential profit because AAVE utilization is at 100%

Summary

As explained by the creator of the protocol, it can be used for `all kinds of conditional agreements P2P`, meaning every kind of time- or price-based bet, for example on the price of Bitcoin. Users make their predictions and, depending on the price of Bitcoin, win or lose their bet. Let's say Alice and Bob make a wager on the price of Bitcoin in USDC (or another token with a smaller pool).

Alice bets that it will hit 200k by the end of January. Now assume it is the 31st of January and the price hits 200k. The markets are hot, everyone is making money. Alice decides to cash in her winnings and tries to withdraw her prize by calling `_redeemPositionToken`, which calls `__redeemTokenPrivate`, which performs the withdrawal from AAVE. But the operation reverts. Why? In cases of 100% utilization (supply ~= debt), the withdrawal operation can revert. This can happen by itself (and has happened in the past during some periods) or be intentionally forced by anyone who temporarily borrows all available AAVE funds as debt and repays it later, in order to DoS certain operations.

Vulnerability Details

As explained in the Summary, when utilization of a pool in AAVE is at 100%, the withdraw function will revert. This means users will not be able to withdraw collateral, because the `redeemWTokenPrivate` function will revert. This function is used by both `redeemPositionToken` and `_removeLiquidity`, so both will revert and the user will not be able to remove liquidity either. Again, the preconditions look like this:

  1. Alice and Bob make a wager on the price of Bitcoin hitting 200k at the end of January.

  2. The price hits 200k by the 31st of January.

  3. Alice decides to withdraw her prize.

  4. Since markets are hot and people are taking loans (or Bob is a malicious user who takes a big loan so that Alice cannot withdraw), Alice cannot withdraw due to 100% utilization.

  5. Time passes and now it's the 1st of February.

  6. Bob wins, takes out the prize and leaves Alice with no collateral.

Impact

Alice will not be able to withdraw her prize; time will pass and her bet will be off, or the price of Bitcoin will go under 200k so that Bob can withdraw his bet instead. This leaves Alice with no prize, and she even loses the bet and the collateral she provided for it.

Tools Used

Manual review

Similar issue confirmed by sponsors:

https://github.com/sherlock-audit/2024-08-perennial-v2-update-3-judging/issues/16

Recommendations

It's hard to do anything about AAVE itself in this situation, but the amount to be withdrawn by the winner can be stored in a separate mapping, with a separate function that lets the user withdraw any money owed to them at a later time.
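The following is an added illustration of that recommendation, written for this report rather than taken from the HardhatDeFi code base. It separates settlement (recording who is owed what, which never touches AAVE) from withdrawal (moving funds out of AAVE, which can be retried whenever liquidity returns). The `IPool.withdraw(asset, amount, to)` signature is AAVE v3's; the `resolver` role, the contract names and the `MockPool` used to reproduce the 100%-utilization revert locally are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subset of AAVE v3's IPool: withdraw(asset, amount, to) returns the amount withdrawn.
interface IPool {
    function withdraw(address asset, uint256 amount, address to) external returns (uint256);
}

/// @notice Hypothetical settlement contract (example only, not the project's code).
/// Resolving a wager only records a claim; pulling funds out of AAVE is a separate,
/// retryable step, so a temporarily 100%-utilized reserve cannot void the win.
contract PullSettlement {
    IPool public immutable pool;
    address public immutable asset;
    address public immutable resolver; // assumed: whoever is allowed to settle wagers

    // Amount each winner is owed, denominated in `asset`, parked in AAVE until claimed.
    mapping(address => uint256) public pendingWithdrawals;

    event ClaimRecorded(address indexed winner, uint256 amount);
    event Claimed(address indexed winner, uint256 amount);
    event ClaimDeferred(address indexed winner, uint256 amount, bytes reason);

    constructor(IPool _pool, address _asset, address _resolver) {
        pool = _pool;
        asset = _asset;
        resolver = _resolver;
    }

    /// Step 1: settle the wager. No external call, so this cannot be blocked by utilization
    /// and the winner's entitlement is fixed at resolution time, not at withdrawal time.
    function recordWin(address winner, uint256 amount) external {
        require(msg.sender == resolver, "not resolver");
        pendingWithdrawals[winner] += amount;
        emit ClaimRecorded(winner, amount);
    }

    /// Step 2: claim a specific amount. Reverts if AAVE cannot serve it right now;
    /// the recorded balance is untouched on revert, so the user simply retries later.
    function claim(uint256 amount) external {
        uint256 owed = pendingWithdrawals[msg.sender];
        require(amount > 0 && amount <= owed, "nothing to claim");
        pendingWithdrawals[msg.sender] = owed - amount; // effects before interaction
        uint256 received = pool.withdraw(asset, amount, msg.sender);
        require(received == amount, "short withdraw");
        emit Claimed(msg.sender, amount);
    }

    /// Step 2 (non-reverting variant): attempt to claim everything owed, but swallow an
    /// AAVE revert so a keeper or UI can call this in a loop without failing the whole tx.
    function tryClaimAll() external returns (bool ok) {
        uint256 owed = pendingWithdrawals[msg.sender];
        if (owed == 0) return false;
        pendingWithdrawals[msg.sender] = 0;
        try pool.withdraw(asset, owed, msg.sender) returns (uint256 received) {
            require(received == owed, "short withdraw");
            emit Claimed(msg.sender, owed);
            return true;
        } catch (bytes memory reason) {
            pendingWithdrawals[msg.sender] = owed; // restore the claim; nothing was lost
            emit ClaimDeferred(msg.sender, owed, reason);
            return false;
        }
    }
}

/// @notice Constructed mock for local testing only: reverts whenever free liquidity cannot
/// cover the withdrawal, which is the observable behaviour of a 100%-utilized AAVE reserve.
contract MockPool is IPool {
    uint256 public availableLiquidity;

    function setAvailableLiquidity(uint256 amount) external {
        availableLiquidity = amount; // test hook: simulate borrowers draining / repaying the reserve
    }

    function withdraw(address, uint256 amount, address) external override returns (uint256) {
        require(amount <= availableLiquidity, "NOT_ENOUGH_AVAILABLE_USER_BALANCE");
        availableLiquidity -= amount;
        return amount;
    }
}
```

In a local test, deploy `MockPool` with `availableLiquidity = 0`, call `recordWin(alice, 1000)`, and confirm that `claim(1000)` reverts while `pendingWithdrawals[alice]` still reads 1000; after `setAvailableLiquidity(1000)` the same claim succeeds. The property this buys is that the deadline of the wager and the moment AAVE has liquidity are decoupled: the outcome is fixed in `recordWin`, so Bob cannot turn a temporary liquidity squeeze on the 31st into a win on the 1st.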

Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
