The order of the passed parameters is incorrect.
Summary
The order of the parameters passed to the constructors of AaveDIVAWrapper and AaveDIVAWrapperCore is incorrect, leading to a Denial of Service (DoS) issue in the project.
Vulnerability Details
In the constructor of AaveDIVAWrapper, the order of the parameters passed is AaveDIVAWrapperCore(aaveV3Pool, diva, owner)*, while in the constructor of AaveDIVAWrapperCore, the expected order of the parameters is *constructor(address diva, address aaveV3Pool, address owner). This mismatch in parameter order will lead to a Denial of Service (DoS) issue for all diva and aaveV3Pool-related functionality in the project.
Impact
All functions related to diva and aave V3 Pool in the project will be Dos.
Tools Used
Manual review
Recommendations
Modify the parameter order in the constructor of AaveDIVAWrapperCore to constructor(address aaveV3Pool_, address diva_, address owner_).
Lead Judging Commences
Constructor arguments mismatch
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.