HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Improper choice of condition

Summary

In redeemPositionToken, if the user specifies a positionTokenAmounts value larger than their balanceOf, the call reverts. It does not revert only when the amount is within the user's total balance or when it is set to uint256 max, which uses the user's full balance.

Vulnerability Details

Checking whether _positionTokenAmount equals uint256 max in order to take the user's full balance is a poor design choice: if the amount is not uint256 max but still exceeds the user's total balance, the function reverts.

function _redeemPositionToken(
    address _positionToken,
    uint256 _positionTokenAmount,
    address _recipient
) internal returns (uint256) {
    IDIVA.Pool memory _pool = IDIVA(_diva).getPoolParametersByAddress(_positionToken);
    if (_wTokenToCollateralToken[_pool.collateralToken] == address(0)) {
        revert CollateralTokenNotRegistered();
    }
    IERC20Metadata _positionTokenContract = IERC20Metadata(_positionToken);
    IERC20Metadata _collateralTokenContract = IERC20Metadata(_pool.collateralToken);
    // Use the user's balance if `_positionTokenAmount` equals `type(uint256).max`.
    uint256 _userBalance = _positionTokenContract.balanceOf(msg.sender);
    uint256 _positionTokenAmountToRedeem = _positionTokenAmount;
    if (_positionTokenAmount == type(uint256).max) { //@audit improper design choice; compare against _userBalance instead
        _positionTokenAmountToRedeem = _userBalance;
    }
    // ... remainder of the function omitted in the submission

Impact

Low

Tools Used

Manual Review

Recommendations

With this condition, if positionTokenAmount is below userBalance, positionTokenAmount is used.

If positionTokenAmount is above userBalance, the whole userBalance is used.

    uint256 _userBalance = _positionTokenContract.balanceOf(msg.sender);
    uint256 _positionTokenAmountToRedeem = _positionTokenAmount;
+   if (_positionTokenAmount >= _userBalance) { // <- changed condition
        _positionTokenAmountToRedeem = _userBalance;
    }
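As an added illustration (not code from the submission or from the DIVA codebase), the two amount-resolution policies side by side in a small Solidity model; `MockPositionToken` and `RedeemPolicyDemo` are hypothetical names. Calling `redeem` with an amount above the caller's balance reverts inside `burn` under the sentinel policy, while under the clamp policy it redeems the whole balance without a revert, which is the behavioural change the recommendation introduces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical mock of a position token; only balance bookkeeping is modelled.
contract MockPositionToken {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external {
        balanceOf[to] += amount;
    }

    // Reverts on an insufficient balance, as a real ERC20 burn or transferFrom would.
    function burn(address from, uint256 amount) external {
        require(balanceOf[from] >= amount, "insufficient balance");
        balanceOf[from] -= amount;
    }
}

// Hypothetical contract exposing both policies so they can be compared.
contract RedeemPolicyDemo {
    MockPositionToken public immutable token;

    constructor(MockPositionToken _token) {
        token = _token;
    }

    // Policy in the audited code: only type(uint256).max means "whole balance".
    // Any other amount passes through unchanged, so an amount above the balance
    // reaches burn() and reverts there.
    function resolveSentinel(uint256 amount) public view returns (uint256) {
        if (amount == type(uint256).max) {
            return token.balanceOf(msg.sender);
        }
        return amount;
    }

    // Policy in the recommendation: clamp to the balance. type(uint256).max still
    // resolves to the whole balance, but so does every amount above it, so an
    // over-sized input no longer reverts.
    function resolveClamp(uint256 amount) public view returns (uint256) {
        uint256 bal = token.balanceOf(msg.sender);
        return amount >= bal ? bal : amount;
    }

    function redeem(uint256 amount, bool clamp) external returns (uint256 redeemed) {
        redeemed = clamp ? resolveClamp(amount) : resolveSentinel(amount);
        token.burn(msg.sender, redeemed);
    }
}
```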
Updates

Lead Judging Commences

bube Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
