HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Tokens such as UNI **revert** if the value passed to approve or transfer is larger than uint96.

Summary

Through the AaveDIVAWrapper contract, an owner can register a token, allowing users to create a pool on DIVA. All tokens available on AAVE should also be available on AaveDIVAWrapper. The problem is that some tokens, such as UNI, revert when the value passed to approve(...) or transfer(...) is greater than uint96.

Vulnerability Details

When the owner calls registerCollateralToken(...) with _collateralToken equal to UNI, the function will always revert, due to the use of _collateralTokenContract.approve(_aaveV3Pool, type(uint256).max). As mentioned in the summary, tokens such as UNI can be approved only with a max value of uint96; therefore the function will always revert with the following error: "Uni::approve: amount exceeds 96 bits". The code of UNI can be checked here.

Impact

The owner cannot register UNI as a collateral token, preventing users from using it. Also, the invariant that any token on AAVE can be used with AaveDIVAWrapper is broken.

Tools Used

Manual Review

Recommendations

Make sure "weird" tokens such as UNI are approved with type(uint96).max instead of type(uint256).max.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
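
Added example, not part of the submission, the judging comments or the project's code: a Python model of the 96-bit amount handling in the public Uni.sol source, used to check which approve and transfer amounts revert at the boundary values discussed above. The special case for the all-ones uint256 value in approve is taken from that source and should be confirmed against the deployed contract; the account names and the balance-check message are constructed.

```python
UINT96_MAX = 2**96 - 1
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for an EVM revert carrying a reason string."""

def safe96(n, reason):
    # Mirrors a checked downcast from uint256 to uint96.
    if n > UINT96_MAX:
        raise Revert(reason)
    return n

class Uni96Model:
    """Constructed model of a token that stores amounts as uint96."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowances = {}

    def approve(self, owner, spender, raw_amount):
        # Assumption (from public Uni.sol): the all-ones uint256 value means
        # "unlimited" and is stored as the uint96 maximum instead of reverting.
        if raw_amount == UINT256_MAX:
            amount = UINT96_MAX
        else:
            amount = safe96(raw_amount, "Uni::approve: amount exceeds 96 bits")
        self.allowances[(owner, spender)] = amount
        return True

    def transfer(self, src, dst, raw_amount):
        # No sentinel on this path: anything above 96 bits reverts.
        amount = safe96(raw_amount, "Uni::transfer: amount exceeds 96 bits")
        if self.balances.get(src, 0) < amount:
            raise Revert("transfer amount exceeds balance")  # constructed text
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        return True

def outcome(method, raw_amount):
    """Return "ok" or the revert reason for one call on a fresh token."""
    token = Uni96Model({"wrapper": 10**18})
    try:
        getattr(token, method)("wrapper", "aaveV3Pool", raw_amount)
    except Revert as exc:
        return str(exc)
    return "ok"

if __name__ == "__main__":
    for value in (UINT256_MAX, UINT96_MAX, UINT96_MAX + 1, 10**18):
        print(hex(value), outcome("approve", value), outcome("transfer", value))
```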
