The AaveDIVAWrapper::approveCollateralTokenForAave function allows any user to reset the allowance granted to Aave for a registered collateral token to unlimited. This is an intentional design choice, but because the function is permissionless and can be called repeatedly, it can be misused to generate unnecessary gas costs.
The primary concern is the gas spent on repeated, redundant allowance resets if the function is called frequently. Since the allowance is only ever set to unlimited for the already-approved Aave spender, there is no direct risk of unauthorized spending or loss of funds.
The function is callable by anyone and resets the allowance for the specified collateral token to unlimited.
Tools used: manual review
Implement rate limiting: Add a mechanism to prevent excessive calls to this function within a short time frame.
Event logging: Add an event to log when this function is called, including the caller's address and the collateral token involved.
Documentation: Ensure that the documentation clearly explains the purpose and potential risks of this function, including the possibility of unnecessary gas costs.
Monitoring: Implement off-chain monitoring to detect unusual patterns of allowance resets.
Fee: Consider charging a small fee for this operation to discourage frequent unnecessary calls.
Together, these mitigations limit misuse and wasted gas while preserving the intended permissionless behaviour of the function.
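As an added illustration (not the AaveDIVAWrapper source, whose actual function signature and storage are not shown here), the sketch below combines two of the mitigations above: an event on every reset and a per-token cooldown. The pool address, the collateral registry, the owner check and the one-day cooldown are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// Illustrative wrapper, not the audited contract: adds an event and a
/// cooldown around an otherwise permissionless allowance reset.
contract AllowanceResetExample {
    using SafeERC20 for IERC20;

    address public immutable owner;     // assumed: may register collateral tokens
    address public immutable aavePool;  // assumed: spender the wrapper approves
    mapping(address => bool) public isRegisteredCollateral;
    /// Timestamp of the last reset per token, used for rate limiting.
    mapping(address => uint256) public lastApproval;
    /// Minimum spacing between resets of the same token (assumed value).
    uint256 public constant APPROVAL_COOLDOWN = 1 days;

    /// Emitted on every reset so off-chain monitoring can attribute calls.
    event CollateralTokenApproved(address indexed caller, address indexed collateralToken);

    error NotOwner();
    error TokenNotRegistered(address token);
    error ApprovalCooldownActive(address token, uint256 availableAt);

    constructor(address _aavePool) {
        owner = msg.sender;
        aavePool = _aavePool;
    }

    function registerCollateral(address token) external {
        if (msg.sender != owner) revert NotOwner();
        isRegisteredCollateral[token] = true;
    }

    /// Still callable by anyone, but only for registered tokens and at most
    /// once per cooldown window, which bounds the gas an abuser can burn.
    function approveCollateralTokenForAave(address collateralToken) external {
        if (!isRegisteredCollateral[collateralToken]) revert TokenNotRegistered(collateralToken);
        uint256 availableAt = lastApproval[collateralToken] + APPROVAL_COOLDOWN;
        if (block.timestamp < availableAt) revert ApprovalCooldownActive(collateralToken, availableAt);
        lastApproval[collateralToken] = block.timestamp;
        // forceApprove also handles tokens that require a zero allowance before a non-zero one.
        IERC20(collateralToken).forceApprove(aavePool, type(uint256).max);
        emit CollateralTokenApproved(msg.sender, collateralToken);
    }
}
```

The cooldown is deliberately coarse; a legitimate caller who finds the allowance drained inside the window has to wait, so the window should be chosen against how quickly the wrapper can realistically consume an unlimited allowance.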