Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

No mechanism to increase allowance of `WToken`

x0sauce

Summary

In AaveDIVAWrapperCore, there is currently no mechanism to safely increase WToken allowance of the DIVA pool which may brick certain core contract functionalities.

Vulnerability Details

When registering a new collateral token (e.g. USDC), a corresponding maximum allowance of the collateral token will be approve to the Aave Pool and WToken will be approved to the DIVA pool.

The protocol implements _approveCollateralTokenForAave to safely increase the allowance of the collateral token for the Aave pool in the event its allowance is exhausted.

However, the same mechanism is not extended to the DIVA pool for WTokens. This means in the event that the DIVA pool has exhausted its allowance for a WToken, core protocol functionalities (e.g. adding liquidity, creating contigent pool) will not work since transferring WToken from the Wrapper to the pool contract is not possible.

Impact

Protocol functionality will not work in the event where WToken allowance is exhausted

Mitigation

Consider adding a mechanism to increase the allowance of WToken for the DIVA pool

Updates

Lead Judging Commences

bube Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.