HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Improper input handling leads to unnecessary reverts and gas waste in `AaveDIVAWrapperCore` contract

Summary

The contract improperly handles validation of `_positionTokenAmount` in `AaveDIVAWrapperCore::_removeLiquidity` and `AaveDIVAWrapperCore::_redeemPositionToken`, and of `_wTokenAmount` in `AaveDIVAWrapperCore::_redeemWToken`.

If a user inputs an amount above their balance but below `type(uint256).max`, the transaction fails unnecessarily, causing gas inefficiency.

A simple balance check before handling `type(uint256).max` can prevent this issue.

Vulnerability Details

In the three functions `AaveDIVAWrapperCore::_removeLiquidity`, `AaveDIVAWrapperCore::_redeemPositionToken` and `AaveDIVAWrapperCore::_redeemWToken`, `type(uint256).max` is used to check whether the user wants to perform the action with the maximum amount possible based on their balance.

```solidity
if (_positionTokenAmount == type(uint256).max) {
    _positionTokenAmountToRedeem = _userBalance;
}
```

However, if the user inputs a value that is lower than `type(uint256).max` but exceeds the user's balance, the transaction reverts, discarding all of the previously executed logic and leading to significant gas waste.

Impact

Gas inefficiency due to unnecessary transaction reverts.

Tools Used

Manual review

Recommendations

Consider adding a condition that checks whether `_positionTokenAmount` (`_wTokenAmount` in `AaveDIVAWrapperCore::_redeemWToken`) exceeds the user's balance before checking for `type(uint256).max`.

+ * if (_positionTokenAmount > _userBalance && _positionTokenAmount != type(uint256).max){revert();}
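
Review bot: the bare `revert()` in the added line gives the caller no reason for the failure; a named error would let integrators tell an over-balance amount apart from other failures in these functions. The added check also still reverts the transaction, only earlier, so it reduces the gas spent on a failing call rather than avoiding the revert, and the recommendation text should say so.
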
Updates

Lead Judging Commences

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
