Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: low
Valid

Incorrect Constructor Parameter Order in AaveDIVAWrapper May Cause Deployment Failure

siisivan

Summary

The constructor of the AaveDIVAWrapper contract does not match the parameter order of its parent contract, AaveDIVAWrapperCore. This inconsistency may cause the contract to malfunction.

Vulnerability Details

The constructor of AaveDIVAWrapper is defined as follows:

constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_aaveV3Pool, _diva, _owner) {}

However, in the parent contract AaveDIVAWrapperCore, the constructor's parameter order is:

constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) { ... }

Since the parameters _aaveV3Pool and _diva are passed in the wrong order, it results in incorrect address assignments:

  • _aaveV3Pool (Aave V3 Pool address) is mistakenly assigned to diva_ (DIVA Protocol address).

  • _diva (DIVA Protocol address) is mistakenly assigned to aaveV3Pool_ (Aave V3 Pool address).

Impact

Due to incorrect parameter transmission, the deployed contract may fail to function properly.

Tools Used

Manual

Recommendations

Modify the AaveDIVAWrapper constructor to correctly match the parameter order of AaveDIVAWrapperCore:

constructor(address _aaveV3Pool, address _diva, address _owner) AaveDIVAWrapperCore(_diva, _aaveV3Pool, _owner) {}

This ensures that parameters are passed in the correct order, preventing incorrect address assignments.

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Validated
Assigned finding tags:

Constructor arguments mismatch

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.