Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Wrong arguments provided to `AaveDIVAWrapperCore` constructor breaks the protocol.

falsegenius

Vulnerability Details

The AaveDIVAWrapper constructor takes the following arguments,

  • address _aaveV3Pool

  • address _diva

  • address _owner
    Since it inherits AaveDIVAWrapperCore, the arguments are provided to the parent contract too. However, the order of the arguments provided is incorrect.

What the AaveDIVAWrapperCore constructor expects:

constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) {}

What the AaveDIVAWrapperCore constructor gets:

// @ audit wrong arguments provided to AaveDIVAWrapperCore
@> constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva , _owner) {}
^ ^
--------------------------------------------------------------------------------------------- |
-------------------------------------------------------------------------------------------------------

This would lead to functions being called on the wrong contract which breaks the core functionality of the protocol since the protocol depends heavily on AaaveV3 and DIVA protocols and the functions on DIVA would be called on AaveV3Pool and vice versa, resulting in reverts all over the place.

Recommendations

Provide the arguments in correct order.

- constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva , _owner) {}
+ constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool , _owner) {}
Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Constructor arguments mismatch

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.