Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Incompatibility with Fee-on-Transfer or Deflationary Tokens

elit3pwner

Description:
The _handleTokenOperations function transfers _collateralAmount from the user and mints an equivalent amount of wToken. However, if the collateral token charges transfer fees or is deflationary (e.g., reduces balances on transfer), the actual received amount by the contract will be less than _collateralAmount. Subsequent calls to Aave's supply with _collateralAmount will fail due to insufficient balance, causing transaction reverts. Even if the transfer succeeds but the actual amount is lower, minting wToken for the original _collateralAmount would create an imbalance between wToken supply and Aave's aToken balance, leading to undercollateralization.

Affected Files:

  • AaveDIVAWrapperCore.sol (specifically _handleTokenOperations function)

Impact:

  • Transactions involving fee-on-transfer tokens will revert, rendering the contract incompatible with such tokens.

  • If somehow the supply succeeds with reduced amounts, wToken would be over-minted, causing redemption failures and loss of user funds.

Recommendation:
Modify _handleTokenOperations to calculate the actual received collateral amount after transfer:

uint256 balanceBefore = IERC20Metadata(_collateralToken).balanceOf(address(this));
IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);
uint256 actualCollateralAmount = IERC20Metadata(_collateralToken).balanceOf(address(this)) - balanceBefore;
// Use `actualCollateralAmount` for Aave supply and wToken minting
Updates

Lead Judging Commences

bube Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!