Hardhat, DeFi
15,000 USDC
Submission Details
Severity: high
Invalid

Incorrect wToken mapping usage leads to failed logic in token operations

Summary

Source:

https://github.com/Cyfrin/2025-01-diva/blob/main/contracts/src/AaveDIVAWrapperCore.sol#L176C6-L188C92
https://github.com/Cyfrin/2025-01-diva/blob/main/contracts/src/AaveDIVAWrapperCore.sol#L440

Vulnerability Details

The _wTokenToCollateralToken mapping is being incorrectly used to fetch the collateralToken from _pool.collateralToken:

address _collateralToken = _wTokenToCollateralToken[_pool.collateralToken];

This is incorrect because the logic should focus on mapping collateralToken to the corresponding wToken, using _collateralTokenToWToken.

Further, in downstream logic:

_handleTokenOperations(_collateralToken, _collateralAmount, _pool.collateralToken);
  • The mismatch causes _handleTokenOperations to interact with the wrong token, leading to minting or operational issues.

Impact

_handleTokenOperations ends up performing operations on the wrong token due to incorrect mapping logic.

  • This results in minting the collateralToken to the contract itself, instead of using the correct wToken.

  • This issue breaks the intended flow of token operations and may result in unexpected token behavior.

Tools Used

Recommendations

Consider adding:

// Fixed Code
address _wToken = _collateralTokenToWToken[_pool.collateralToken];
address _collateralToken = _wTokenToCollateralToken[_wToken];

Then, use _wToken consistently in the downstream function:

_handleTokenOperations(_collateralToken, _collateralAmount, _wToken);

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
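
An added example, not part of the submission or of the project's code: a minimal model of the two registry mappings named above, showing what each lookup order returns depending on which kind of address the pool's collateralToken field holds. The contract name, function names and enum are hypothetical; only the two mapping names come from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only; not the AaveDIVAWrapperCore source.
contract WTokenRegistryModel {
    enum Kind { Unknown, CollateralToken, WToken }

    mapping(address => address) private _collateralTokenToWToken;
    mapping(address => address) private _wTokenToCollateralToken;

    error ZeroAddress();
    error AlreadyRegistered();

    // Records the pair in both directions so either side can be resolved.
    function register(address collateralToken, address wToken) external {
        if (collateralToken == address(0) || wToken == address(0)) revert ZeroAddress();
        if (_collateralTokenToWToken[collateralToken] != address(0)) revert AlreadyRegistered();
        if (_wTokenToCollateralToken[wToken] != address(0)) revert AlreadyRegistered();
        _collateralTokenToWToken[collateralToken] = wToken;
        _wTokenToCollateralToken[wToken] = collateralToken;
    }

    // Tells a test which side of the registry an address belongs to.
    function kindOf(address token) external view returns (Kind) {
        if (_wTokenToCollateralToken[token] != address(0)) return Kind.WToken;
        if (_collateralTokenToWToken[token] != address(0)) return Kind.CollateralToken;
        return Kind.Unknown;
    }

    // Lookup order quoted under "Vulnerability Details": the pool field is used
    // directly as the wToken key. Resolves only if poolCollateralToken is a wToken;
    // otherwise collateralToken comes back as address(0).
    function resolveReverseOnly(address poolCollateralToken)
        external view returns (address collateralToken, address wToken)
    {
        collateralToken = _wTokenToCollateralToken[poolCollateralToken];
        wToken = poolCollateralToken;
    }

    // Lookup order quoted under "Recommendations": the pool field is used as the
    // collateral-token key first. If poolCollateralToken is actually a wToken,
    // both results are address(0), because unset mapping slots read as zero.
    function resolveForwardThenReverse(address poolCollateralToken)
        external view returns (address collateralToken, address wToken)
    {
        wToken = _collateralTokenToWToken[poolCollateralToken];
        collateralToken = _wTokenToCollateralToken[wToken];
    }
}
```

Calling kindOf on the value a pool actually stores, in a fork or unit test, shows which of the two lookup orders matches the data before a mapping is reported as misused.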