Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Protocol core functionality can be bricked if fees are introduced to USDT

x0sauce

Summary

Introduction of fees in USDT removes protocol's ability to support new pools / add USDT to existing pools.

Vulnerability Details

Although fee on transfer tokens are not supported, USDT may in fact introduced fees in the future.

If such an occurence happens, users will lose the ability to create new contigent pools or add liquidity to existing contigent pools utilizing USDT.

When users tries to create new pools or add liquidity, the AaveDIVAWrapper._handleTokenOperations is called. In the event where USDT implements a fee in the future, USDT (i.e. _collateralAmount) supplied by the user will differ from the actual USDT supplied to the wrapper contract. This will in turn cause the supplying of the collateral to the AaaveV3Pool to fail.

function _handleTokenOperations(
address _collateralToken,
uint256 _collateralAmount,
address _wToken
) private {
// Transfer collateral token from the caller to this contract. Requires prior approval by the caller
// to transfer the collateral token to the AaveDIVAWrapper contract.
IERC20Metadata(_collateralToken).safeTransferFrom(
msg.sender,
address(this),
_collateralAmount
); // @audit _collateralAmount can differ from actual amount of USDT sent if fees are introduced, removing the ability for users to add liquidity
// Supply the collateral token to Aave and receive aTokens. Approval to transfer the collateral token from this contract
// to Aave was given when the collateral token was registered via `registerCollateralToken` or when the
// allowance was set via `approveCollateralTokenForAave`.
IAave(_aaveV3Pool).supply(
_collateralToken, // Address of the asset to supply to the Aave reserve.
_collateralAmount, // Amount of asset to be supplied.
address(this), // Address that will receive the corresponding aTokens (`onBehalfOf`).
0 // Referral supply is currently inactive, you can pass 0 as referralCode. This program may be activated in the future through an Aave governance proposal.
);
// Mint wTokens associated with the supplied asset, used as a proxy collateral token in DIVA Protocol.
// Only this contract is authorized to mint wTokens.
IWToken(_wToken).mint(address(this), _collateralAmount);
}

LOC

https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L423

https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L188

https://github.com/Cyfrin/2025-01-diva/blob/1b6543768c341c2334cdff87b6dd627ee2f62c89/contracts/src/AaveDIVAWrapperCore.sol#L138

Impact

When fees are introduced to USDT, adding liquidity to existing USDT contigent pools or creating new pools utiziling USDT will be impossible.

Mitigation

Consider caching the balance of the Wrapper contract before and after the collateral token is transferred and use the difference in collateral amount to supply to the Aave pool to receive Atokens in returned.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Appeal created

x0sauce Submitter
6 months ago
bube Lead Judge
6 months ago
bube Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.