Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Lack of permission for mint

0xkann

Summary

The vulnerability arises from the initialization process of Contract 2, which requires an address (specifically this—the address of Contract 1) to function properly. However, Contract 1 does not initialize Contract 2 with address, preventing Contract 1 from interacting with Contract 2 to mint wrapped tokens. As a result, Contract 1 lacks the permission to mint using Contract 2, leading to an authorization issue. Since Contract 2 expects address(this) which will assign himself (the contract) onlyOwner permissions.

Vulnerability Details

This issue comes from WToken.sol, since as seen in the comment here for _owner it expects address(this). It would be correct if AaveDivaWrapperCore.sol was setting the constructor value.

contract WToken is IWToken, ERC20 {

address private _owner; // address(this)

uint8 private _decimals;

constructor(string memory symbol_, uint8 decimals_, address owner_) ERC20(symbol_, symbol_) {

// name = symbol for simplicity

_owner = owner_;

_decimals = decimals_;

}

modifier onlyOwner() {

require(_owner == msg.sender, "WToken: caller is not owner");

}

Hence, when User is trying to addLiqudity or createContingentPool it will always fail

function _handleTokenOperations(address _collateralToken, uint256 _collateralAmount, address _wToken) private {

// Transfer collateral token from the caller to this contract. Requires prior approval by the caller

// to transfer the collateral token to the AaveDIVAWrapper contract.

IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);

// Supply the collateral token to Aave and receive aTokens. Approval to transfer the collateral token from this contract

// to Aave was given when the collateral token was registered via `registerCollateralToken` or when the

// allowance was set via `approveCollateralTokenForAave`.

IAave(_aaveV3Pool).supply(

_collateralToken, // Address of the asset to supply to the Aave reserve.

_collateralAmount, // Amount of asset to be supplied.

address(this), // Address that will receive the corresponding aTokens (`onBehalfOf`).

0 // Referral supply is currently inactive, you can pass 0 as referralCode. This program may be activated in the future through an Aave governance proposal.

);

// Mint wTokens associated with the supplied asset, used as a proxy collateral token in DIVA Protocol.

// Only this contract is authorized to mint wTokens.

IWToken(_wToken).mint(address(this), _collateralAmount);

}

Impact

Medium mint logic is unusable since aaveDivaWrapperCore.sol has no permissions to call mint

Tools Used

Manual Review

Recommendations

set WToken.sol constructor when initializing the AaveDIVAWrapperCore.sol

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.