A vulnerability exists in the contract where, after creating a new contingent pool, liquidity is not added to the pool. The function _createContingentPool successfully creates a pool on the DIVA protocol, but it does not add liquidity in DIVA by transferring the minted wToken from this contract to DIVA. It also does not transfer the short and long position amounts to the user.
When a user calls addLiquidity, he wants to buy positions in the pool by providing his collateral. In handleTokenOperations, he sends his collateral to Aave, and the contract then sends the position tokens to the recipient and sends the wToken to DIVA by calling addLiquidity in DIVA. However, this logic is missing in _createContingentPool: since the user creates the pool and also transfers his collateral to Aave, he should also receive position tokens for the pool and have liquidity added to the pool, but he does not receive anything for the amount provided.
The _createContingentPool function allows users to create a pool on the DIVA protocol by supplying parameters such as collateral amount, reference asset, and expiration time. The pool is created using the createContingentPool function of the DIVA protocol.
After the pool is created, liquidity should be added to the pool, but the contract does not include a step that automatically adds liquidity to the pool for the user.
Medium
Manual Review
Do call