Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

`AaveDIVAWrapperCore::_addLiquidity` Potential Flash Loan Manipulation Risk

mukulkolpe

Summary

AaveDIVAWrapperCore::_addLiquidity Potential Flash Loan Manipulation Risk

Vulnerability Details

The _addLiquidity function lacks sufficient safeguards against flash loan attacks, potentially allowing an attacker to manipulate liquidity addition with temporary token balance inflation.

Impact

Attackers could artificially inflate or manipulate liquidity
Potential to exploit price discrepancies
Risk of economic value extraction from the protocol

Proof of Concept

describe('Flash Loan Liquidity Manipulation Attack', function() {

let s, poolId, attacker, flashLoanAmount;

beforeEach(async () => {

s = await setupWithPool();

poolId = s.poolId;

attacker = s.acc2;

});

it('Should detect potential liquidity manipulation via flash loan', async () => {

const tokenHolder = s.impersonatedSigner;

await hre.network.provider.request({

method: "hardhat_impersonateAccount",

params: [tokenHolder.address],

});

const originalPoolBalance = await s.diva.getPoolParameters(poolId);

const flashLoanAmount = originalPoolBalance.collateralBalance.mul(100);

await s.collateralTokenContract

.connect(tokenHolder)

.approve(s.aaveDIVAWrapper.target, flashLoanAmount);

await expect(

s.aaveDIVAWrapper

.connect(tokenHolder)

.addLiquidity(

poolId,

flashLoanAmount,

tokenHolder.address,

tokenHolder.address

)

).to.be.revertedWith("Liquidity addition exceeds safe limits");

});

it('Should prevent massive liquidity addition beyond percentage threshold', async () => {

const originalPoolBalance = await s.diva.getPoolParameters(poolId);

const maxAllowedLiquidity = originalPoolBalance.collateralBalance.mul(10);

await expect(

s.aaveDIVAWrapper

.connect(s.impersonatedSigner)

.addLiquidity(

poolId,

maxAllowedLiquidity,

s.impersonatedSigner.address,

s.impersonatedSigner.address

)

).to.be.revertedWith("Liquidity exceeds maximum allowed percentage");

});

Tools Used

Hardhat

Recommendations

Implement per-transaction liquidity caps
Add percentage-based liquidity addition limits
Introduce cooldown periods for large liquidity additions
Use time-weighted average price (TWAP) checks
Modify _addLiquidity to include validation:

function _addLiquidity(

bytes32 _poolId,

uint256 _collateralAmount,

address _longRecipient,

address _shortRecipient

) internal {

IDIVA.Pool memory _pool = IDIVA(_diva).getPoolParameters(_poolId);

uint256 maxAllowedLiquidity = _pool.collateralBalance * 10;

require(

_collateralAmount <= maxAllowedLiquidity,

"Liquidity exceeds maximum allowed percentage"

);

// Existing implementation...

}

Updates

Lead Judging Commences

bube Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.