Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Check in _addLiquidity for pool is not effective

0xkann

Summary

The _addLiquidity function in the contract does not verify whether the pool associated with _poolId has already expired before allowing liquidity to be added. This omission can lead to unintended behavior, including users providing liquidity to an expired pool, which may result in locked or unusable funds.

Vulnerability Details

This vulnerability allows users to add liqudity to pool which already expired.

function _addLiquidity(

bytes32 _poolId,

uint256 _collateralAmount,

address _longRecipient,

address _shortRecipient

) internal {

// Verify that the collateral token used in the DIVA Protocol pool corresponds to a registered

// collateral token in the AaveDIVAWrapper contract. Returns zero address if the wToken is not registered.

IDIVA.Pool memory _pool = IDIVA(_diva).getPoolParameters(_poolId);

address _collateralToken = _wTokenToCollateralToken[_pool.collateralToken];

// Confirm that the collateral token is registered. This check is performed early

// to ensure an immediate and graceful revert rather than allowing execution to continue until the `mint`

// operation at the end of the `_handleTokenOperations` function, which would then fail when attempting to call

// the `mint` function on address(0).

if (_collateralToken == address(0)) {

revert CollateralTokenNotRegistered();

}

// Transfer collateral token from caller to this contract, supply to Aave, and mint wTokens

// to this contract.

_handleTokenOperations(_collateralToken, _collateralAmount, _pool.collateralToken);

// Add liquidity to the DIVA Protocol pool associated with the provided `_poolId`

// using the wToken and send the position tokens to the provided recipients.

IDIVA(_diva).addLiquidity(_poolId, _collateralAmount, _longRecipient, _shortRecipient);

}

Impact

Medium

Lack of Expiry Validation:

The function _addLiquidity retrieves pool parameters using getPoolParameters(_poolId). However, it does not check whether block.timestamp has already surpassed pool.expiryTime.
In the DIVA Protocol, expired pools should not accept additional liquidity since they are no longer active for trading or derivatives settlement.

Potential Consequences:
- If liquidity is added to an expired pool, it may get locked and become unrecoverable, leading to financial loss for the user.
- The protocol might not correctly handle cases where liquidity is provided to an expired pool, possibly leading to unexpected contract behavior.

Tools Used

Manual Review

Recommendations

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.