HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Approving the maximum token amount `type(uint256).max` may not work for certain tokens that do not support this approval value.

Summary

`AaveDIVAWrapperCore::_registerCollateralToken` approves the maximum amount of collateralToken to be spent by the aaveV3Pool. Tokens like UNI or COMP will revert when approving the max tokens.

https://github.com/Uniswap/governance/blob/eabd8c71ad01f61fb54ed6945162021ee419998e/contracts/Uni.sol#L149

```solidity
function approve(address spender, uint rawAmount) external returns (bool) {
    uint96 amount;
    if (rawAmount == uint(-1)) {
        amount = uint96(-1);
    } else {
        amount = safe96(rawAmount, "Uni::approve: amount exceeds 96 bits");
    }
    allowances[msg.sender][spender] = amount;
    emit Approval(msg.sender, spender, amount);
    return true;
}
```

Both tokens contain this piece of code, which reverts when the amount exceeds 96 bits.

Proof of Concept

https://github.com/Cyfrin/2025-01-diva/blob/5b7473c13adf54a4cd1fd6b0f37ab6529c4487dc/contracts/src/AaveDIVAWrapperCore.sol#L116

Impact

This functionality can revert for tokens that don't support max uint256 approval. If this occurs, the entire batch of tokens awaiting approval will also fail.

Tools Used

Manual Review

Recommendations

I would suggest approving only the necessary amount of tokens to the aaveV3Pool instead of the `type(uint256).max` amount.
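
An added example (not part of the submission, the Uni code, or the DIVA code): a Python model of the quoted `approve` branch, run over constructed boundary amounts to show which inputs are stored and which reach the `safe96` revert. The `safe96` body, the `Revert` class and the helper names are assumptions for illustration; `safe96` is modelled from the page's description that it reverts when the amount exceeds 96 bits.

```python
# Python model of the approve() branch quoted above (illustrative, not project code).
UINT256_MAX = 2**256 - 1   # uint(-1) in the quoted Solidity
UINT96_MAX = 2**96 - 1     # uint96(-1) in the quoted Solidity


class Revert(Exception):
    """Stands in for an EVM revert carrying a reason string."""


def safe96(n: int, error_message: str) -> int:
    # Assumed body: anything that does not fit in 96 bits reverts.
    if n >= 2**96:
        raise Revert(error_message)
    return n


def uni_approve(raw_amount: int) -> int:
    """Return the allowance the quoted approve() would store, or raise Revert."""
    if not 0 <= raw_amount <= UINT256_MAX:
        raise ValueError("not a uint256")
    if raw_amount == UINT256_MAX:      # if (rawAmount == uint(-1))
        return UINT96_MAX              #     amount = uint96(-1);
    return safe96(raw_amount, "Uni::approve: amount exceeds 96 bits")


def classify(raw_amount: int) -> str:
    """Summarise the outcome of one approval amount as 'ok' or 'revert'."""
    try:
        stored = uni_approve(raw_amount)
    except Revert as exc:
        return f"revert: {exc}"
    return f"ok: allowance={stored}"


# Constructed boundary inputs around the two special values.
CASES = {
    "zero": 0,
    "uint96 max": UINT96_MAX,
    "uint96 max + 1": UINT96_MAX + 1,
    "uint256 max - 1": UINT256_MAX - 1,
    "uint256 max": UINT256_MAX,
}

if __name__ == "__main__":
    for label, value in CASES.items():
        print(f"{label:>16}: {classify(value)}")
```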

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
