The contracts AaveDIVAWrapperCore and AaveDIVAWrapper do not include a pausable mechanism, meaning that new collateral tokens can always be registered and users can always add liquidity, remove liquidity and perform the other operations they control. Even if a security vulnerability is discovered, there is no emergency mechanism to stop users from performing operations if something goes wrong.
This is a critical issue because if an exploit is found, or a decision is made to stop operations for some time (for example to implement a fix or during upgrades), malicious actors could continue adding tokens before the fix is implemented.
No emergency control to stop operations in case of an attack.
An attacker could spam fake collateral tokens into the system, possibly breaking integrations with external protocols.
No way to halt registration during upgrades or audits.
Security risk: if an exploit is found, attackers can still register fake or malicious tokens.
Manual Review
To address this, we should integrate OpenZeppelin's Pausable contract or implement a custom pause mechanism.
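The following is an added illustration of the recommendation, not code from the AaveDIVAWrapper project: a simplified wrapper that inherits OpenZeppelin's Pausable and gates token registration and deposits behind whenNotPaused. The function names registerCollateralToken, addLiquidity and removeLiquidity, the storage layout and the import paths (OpenZeppelin Contracts v5) are assumptions for the example; the real contracts' interfaces may differ.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not the project's code): how a wrapper such as AaveDIVAWrapperCore
// could adopt OpenZeppelin's Pausable. Import paths follow OpenZeppelin Contracts v5.
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

contract PausableWrapperExample is Pausable, Ownable {
    // Hypothetical state: collateral tokens registered with the wrapper and
    // per-user liquidity accounting (token => user => amount).
    mapping(address => bool) public registeredCollateral;
    mapping(address => mapping(address => uint256)) public liquidity;

    event CollateralRegistered(address indexed token);
    event LiquidityAdded(address indexed token, address indexed user, uint256 amount);
    event LiquidityRemoved(address indexed token, address indexed user, uint256 amount);

    constructor(address initialOwner) Ownable(initialOwner) {}

    // Emergency switch. In production the pauser should be a multisig or a
    // dedicated PAUSER role rather than a single externally owned account.
    function pause() external onlyOwner {
        _pause();
    }

    function unpause() external onlyOwner {
        _unpause();
    }

    // Registration is blocked while paused, so no new (possibly malicious)
    // collateral tokens can enter the system during an incident or upgrade.
    function registerCollateralToken(address token) external whenNotPaused {
        require(token != address(0), "zero token");
        require(!registeredCollateral[token], "already registered");
        registeredCollateral[token] = true;
        emit CollateralRegistered(token);
    }

    // Deposits are blocked while paused.
    function addLiquidity(address token, uint256 amount) external whenNotPaused {
        require(registeredCollateral[token], "unknown collateral");
        require(amount > 0, "zero amount");
        // Hypothetical accounting only; a real implementation would pull the
        // ERC20 tokens from the caller and supply them to Aave here.
        liquidity[token][msg.sender] += amount;
        emit LiquidityAdded(token, msg.sender, amount);
    }

    // Withdrawals are deliberately left without whenNotPaused: gating exits would
    // trap user funds for the duration of a pause. Add the modifier only if the
    // threat model requires halting outflows as well.
    function removeLiquidity(address token, uint256 amount) external {
        require(liquidity[token][msg.sender] >= amount, "insufficient balance");
        liquidity[token][msg.sender] -= amount;
        emit LiquidityRemoved(token, msg.sender, amount);
    }
}
```

Which functions receive whenNotPaused is the main design decision: pausing registration and deposits stops new tokens and new value from entering during an incident, while leaving withdrawals open avoids locking users out of their funds. If the wrapper is upgradeable, use the upgradeable variants of Pausable and Ownable and initialise them in the initializer instead of a constructor.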