HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Missing Zero-Amount Check Before safeTransferFrom

Summary

The function calls safeTransferFrom without verifying whether _collateralAmount is greater than zero. This could lead to unnecessary external calls, inefficiencies, or potential unexpected behavior depending on the ERC-20 token implementation.

Vulnerability Details

The _handleTokenOperations function contains the following code snippet:

IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);

However, _collateralAmount is not checked before execution. Some ERC-20 implementations may revert on zero-value transfers, while others may process them without effect, leading to unnecessary gas consumption.

Impact

  • Gas inefficiency: Calling safeTransferFrom with a zero amount results in an unnecessary external call, increasing transaction costs.

  • Potential unexpected behavior: Certain ERC-20 tokens might handle zero-value transfers differently, potentially causing failures or unintended effects.

Tools Used

Manual code review

Recommendations

To mitigate this issue, introduce a check before calling safeTransferFrom:

if (_collateralAmount == 0) {
    revert CollateralAmountMustBeGreaterThanZero();
}
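
The effect of the guard on the two token behaviours described above, as an added example that is not the audited project's code. LenientToken, StrictToken, CollateralVault and their functions are hypothetical, and a plain transferFrom with a return-value check stands in for SafeERC20's safeTransferFrom so the file compiles without dependencies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: all contract names are hypothetical, tokens are constructed mocks.
interface IERC20Min {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Mock token that processes a zero-value transfer as a no-op.
contract LenientToken is IERC20Min {
    mapping(address => uint256) public balanceOf;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    // Allowance tracking is omitted to keep the mock short.
    function transferFrom(address from, address to, uint256 amount) public virtual returns (bool) {
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Mock token that reverts on a zero-value transfer.
contract StrictToken is LenientToken {
    function transferFrom(address from, address to, uint256 amount) public override returns (bool) {
        require(amount != 0, "zero transfer");
        return super.transferFrom(from, to, amount);
    }
}

contract CollateralVault {
    error CollateralAmountMustBeGreaterThanZero();
    error TransferFailed();

    // Unguarded: zero succeeds silently with LenientToken, reverts with "zero transfer" on StrictToken.
    function depositUnchecked(address _collateralToken, uint256 _collateralAmount) external {
        _pull(_collateralToken, _collateralAmount);
    }

    // Guarded: zero reverts with the same custom error for either token, before any external call.
    function deposit(address _collateralToken, uint256 _collateralAmount) external {
        if (_collateralAmount == 0) revert CollateralAmountMustBeGreaterThanZero();
        _pull(_collateralToken, _collateralAmount);
    }

    function _pull(address token, uint256 amount) private {
        if (!IERC20Min(token).transferFrom(msg.sender, address(this), amount)) revert TransferFailed();
    }
}
```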

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
