HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Malicious user can DOS adding liquidity in the wrapper

Summary

A Denial-of-Service (DoS) vulnerability exists in the approveCollateralTokenForAave function due to improper handling of token allowances. An attacker can front-run transactions to reset the allowance, causing subsequent transactions to revert if the required allowance exceeds the remaining allowance.

Vulnerability Details

The AaveDIVAWrapperCore.approveCollateralTokenForAave function uses OpenZeppelin's safeIncreaseAllowance to set the allowance for a collateral token to Aave. The function calculates the new allowance as type(uint256).max - currentAllowance. However, if the current allowance is already close to type(uint256).max, the new allowance may be significantly reduced, causing transactions to revert if the required allowance exceeds the remaining allowance.

Steps to Reproduce:

  • An admin registers a collateral token, setting the allowance to type(uint256).max.

  • The user deposits collateral with addLiquidity, reducing the allowance to type(uint256).max - y, where y is the deposited amount.

  • An attacker front-runs the next user's transaction and calls approveCollateralTokenForAave, setting the allowance to type(uint256).max - (type(uint256).max - y) = y.

The user's transaction reverts if the required allowance exceeds y.

    function _approveCollateralTokenForAave(address _collateralToken) internal {
        if (_collateralTokenToWToken[_collateralToken] == address(0)) {
            revert CollateralTokenNotRegistered();
        }
        uint256 currentAllowance = IERC20Metadata(_collateralToken).allowance(address(this), _aaveV3Pool);
        IERC20Metadata(_collateralToken).safeIncreaseAllowance(_aaveV3Pool, type(uint256).max - currentAllowance);
    }

The external function that calls it is not restricted:

    /**
     * @dev See {IAaveDIVAWrapper-approveCollateralTokenForAave}.
     */
    function approveCollateralTokenForAave(address _collateralToken) external override {
        _approveCollateralTokenForAave(_collateralToken);
    }

Impact

Medium impact due to Denial of Service. Legitimate users may be unable to deposit collateral or interact with Aave, as their transactions may revert due to insufficient allowance.

Tools Used

Manual Review

Recommendations

Restrict the approveCollateralTokenForAave function to trusted users or the contract owner to prevent malicious actors from front-running transactions, or call IERC20Metadata(_collateralToken).safeIncreaseAllowance(_aaveV3Pool, type(uint256).max);

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
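
The allowance arithmetic from the reported steps, replayed in a small Python model (an added example, not part of the submission or the project's code). It relies on OpenZeppelin's safeIncreaseAllowance adding its argument to the existing allowance under Solidity 0.8 checked arithmetic; the Token class, the function names and the always-decrementing spend are assumptions of this model.

```python
UINT256_MAX = 2**256 - 1

class Revert(Exception):
    """Stands in for a Solidity revert."""

class Token:
    """Allowance bookkeeping for one owner/spender pair (wrapper -> Aave pool)."""
    def __init__(self):
        self.allowance = 0

    def safe_increase_allowance(self, value):
        # SafeERC20 semantics: new allowance = old allowance + value.
        new_allowance = self.allowance + value
        if new_allowance > UINT256_MAX:      # checked arithmetic in Solidity >= 0.8
            raise Revert("arithmetic overflow")
        self.allowance = new_allowance

    def spend(self, amount):
        # Model assumption: every transferFrom decrements the allowance,
        # as step 2 of the report describes.
        if amount > self.allowance:
            raise Revert("insufficient allowance")
        self.allowance -= amount

def approve_collateral_token_for_aave(token):
    # Mirrors the body of _approveCollateralTokenForAave shown on the page.
    current = token.allowance
    token.safe_increase_allowance(UINT256_MAX - current)

def replay_reported_steps(y):
    """Return the allowance after each of the three reported steps."""
    token = Token()
    approve_collateral_token_for_aave(token)   # step 1: token registered
    after_register = token.allowance
    token.spend(y)                             # step 2: deposit of y
    after_deposit = token.allowance
    approve_collateral_token_for_aave(token)   # step 3: third party calls the external function
    return after_register, after_deposit, token.allowance

def recommended_variant_reverts(y):
    """Check the alternative 'safeIncreaseAllowance(pool, type(uint256).max)'."""
    token = Token()
    token.safe_increase_allowance(UINT256_MAX)
    token.spend(y)
    try:
        token.safe_increase_allowance(UINT256_MAX)   # (max - y) + max
        return False
    except Revert:
        return True
```

In this model the third step leaves the allowance at type(uint256).max, and the second recommendation reverts on overflow whenever an allowance is already set.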
