Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

register collateral token doesnt check the decimal of the token

0xkann

Summary

By calling registerCollateralToken Owner registers _collateralToken but nowhere checks the decimal of this token

Vulnerability Details

When owner wants to register a new collateral token he calls registerCollateralToken of course owner has no insentive to compromise his own contract but some errors could be made thats why its good to check the decimal of the inputed parameter collateralToken in registerCollateralToken as written in the documentation only ERC20 tokens are allowed that are between 6-18 Decimals.

function _registerCollateralToken(address _collateralToken) internal returns (address) {

// Verify that the collateral token is not yet registered.

if (_collateralTokenToWToken[_collateralToken] != address(0)) {

revert CollateralTokenAlreadyRegistered();

}

// Retrieve the aToken address associated with the provided collateral token from Aave V3. Reverts if

// the collateral token is not supported by Aave V3.

// Note: aTokens have the same number of decimals as the collateral token: https://discord.com/channels/602826299974877205/636902500041228309/1249607036417867810

address _aToken = _getAToken(_collateralToken);

if (_aToken == address(0)) {

revert UnsupportedCollateralToken();

}

IERC20Metadata _collateralTokenContract = IERC20Metadata(_collateralToken);

+ //Add check for decimal

+ if(_collateralTokenContract.decimals() < 6 && _collateralTokenContract.decimals() > 18) revert

// Deploy a token that represents a wrapped version of the collateral token to be used as proxy collateral in DIVA Protocol.

// The symbol and name of the wToken are derived from the original collateral token, prefixed with 'w' (e.g., wUSDT or wUSDC).

// This naming convention helps in identifying the token as a wrapped version of the original collateral token.

// The wToken decimals are aligned with those of the collateral token and the aToken.

// This contract is set as the owner and has exclusive rights to mint and burn the wToken.

WToken _wTokenContract = new WToken(

string(abi.encodePacked("w", _collateralTokenContract.symbol())), <-- Sets to _wTokenContract without checking if the decimal is fine

_collateralTokenContract.decimals(),

address(this) // wToken owner

);

... code ...

}

Impact

Low-> Medium

Improper decimal token registering as collateral

Tools Used

Manual Review

Recommendations

Add check which checks for collateralToken decimal and if its under 6 or over 18 to revert

if(_collateralTokenContract.decimals() < 6 && _collateralTokenContract.decimals() > 18) revert

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.