Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Batch Size Restrictions Enable Resource Exhaustion in AaveDIVAWrapper

cheatc0d33

Description

The AaveDIVAWrapper contract's batch operation functions lack maximum size restrictions, allowing arbitrarily large batches that could exhaust block gas limits or cause excessive resource consumption.

https://github.com/Cyfrin/2025-01-diva/blob/main/contracts/src/AaveDIVAWrapper.sol#L126

function batchAddLiquidity(AddLiquidityArgs[] calldata _addLiquidityArgs) external nonReentrant {

// No size limit on batch array

for (uint256 i = 0; i < _addLiquidityArgs.length; i++) {

_addLiquidity(

_addLiquidityArgs[i].poolId,

_addLiquidityArgs[i].collateralAmount,

_addLiquidityArgs[i].longRecipient,

_addLiquidityArgs[i].shortRecipient

);

}

// Same issue in other batch functions

function batchRedeemWToken(RedeemWTokenArgs[] calldata _redeemWTokenArgs) external nonReentrant {

// No size limit

for (uint256 i = 0; i < _redeemWTokenArgs.length; i++) {

_redeemWToken(...);

}

Impact

Gas limit exhaustion from oversized batches
Failed transactions due to out-of-gas

Recommended Fix

Add maximum batch size constants and checks:

contract AaveDIVAWrapperCore {

uint256 private constant MAX_BATCH_SIZE = 100; // Configurable

error BatchTooLarge(uint256 size, uint256 maxSize);

function batchAddLiquidity(

AddLiquidityArgs[] calldata _addLiquidityArgs

) external nonReentrant {

if (_addLiquidityArgs.length > MAX_BATCH_SIZE) {

revert BatchTooLarge(

_addLiquidityArgs.length,

MAX_BATCH_SIZE

);

}

for (uint256 i = 0; i < _addLiquidityArgs.length; i++) {

_addLiquidity(...);

}

// Apply to all batch functions

function batchRedeemWToken(...) external nonReentrant {

if (_redeemWTokenArgs.length > MAX_BATCH_SIZE) {

revert BatchTooLarge(

_redeemWTokenArgs.length,

MAX_BATCH_SIZE

);

}

// ...

}

The fix provides reasonable limits while maintaining batch functionality.

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.