Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Ambiguous Zero Return for Unregistered Collateral and No Accrued Yields

frontrunner

Summary

The function _getAccruedYield returns 0 in two distinct scenarios:

When the collateral token is not registered (_collateralTokenToWToken[_collateralToken] == address(0)).
When there are no accrued yields (_getAccruedYieldPrivate(_collateralToken) returns 0).

This behavior can lead to ambiguity in interpreting the return value, as the same output (0) is used to represent two different states.

Vulnerability Details

```_getAccruedYield``` returns zero when a collateral token has not been registered

function _getAccruedYield(address _collateralToken) internal view returns (uint256) {

// Return 0 if collateral token is not registered

if (_collateralTokenToWToken[_collateralToken] == address(0)) {

@> return 0;

}

return _getAccruedYieldPrivate(_collateralToken);

}

```

The function ```_getAccruedYieldPrivate``` also returns zero when there haven't been any accrued yields in the contract

function _getAccruedYieldPrivate(address _collateralToken) private view returns (uint256) {

uint256 aTokenBalance = IERC20Metadata(IAave(_aaveV3Pool).getReserveData(_collateralToken).aTokenAddress)

.balanceOf(address(this));

uint256 wTokenSupply = IERC20Metadata(_collateralTokenToWToken[_collateralToken]).totalSupply();

// Handle case where the aToken balance might be smaller than the wToken supply (e.g., due to rounding).

// In that case, the owner should just wait until yield accrues.

@> return aTokenBalance > wTokenSupply ? aTokenBalance - wTokenSupply : 0;

}

Impact

However, it can cause confusion for developers or external systems relying on this function, as they cannot distinguish between an unregistered collateral token and a registered token with no accrued yields.

If the return value of 0 is used to make decisions (e.g., skipping further processing or triggering specific logic), it may lead to unintended behavior if the caller assumes the wrong state (e.g., assuming no yields when the token is unregistered).

Tools Used

Manual review

Recommendations

Use a revert statement or a custom error to explicitly indicate when a collateral token is not registered. This ensures that the caller is aware of the specific reason for the failure.

Updates

Lead Judging Commences

bube Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.