HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Collateral tokens once registered cannot be unregistered

Impact

The contract has a registerCollateralToken function to add tokens that can be set as collateral tokens, but lacks a function to unregister them. If a situation arises in which a collateral token needs to be deregistered, e.g. a faulty token implementation or a stablecoin depeg, the protocol will be unable to do so, which may lead to various protocol integration issues, including loss of funds for users.

    function registerCollateralToken(
        address _collateralToken
    ) external override onlyOwner nonReentrant returns (address) {
        // Flagged line: registration only; the contract has no counterpart that unregisters.
        return _registerCollateralToken(_collateralToken);
    }

Recommendations

Introduce an admin protected function to unregister tokens.


No slippage protection in various protocol operations

Impact

The functions addLiquidity, removeLiquidity, redeemPositionToken and redeemWToken interact with DIVA without enforcing slippage protection. As a result, the user has no control over the amount of tokens returned to them. This can lead to loss of funds, especially on chains like Ethereum mainnet where the prevalence of MEV bots is very high.

Recommendations

Introduce minAmountOut parameters that can protect users from slippage.


approveCollateralTokenForAave may not work for tokens which revert on > type(uint96).max approval

Impact

The _approveCollateralTokenForAave function allows re-approving the Aave V3 pool to spend type(uint256).max - currentAllowance. The issue with this is that many popular tokens like UNI and COMP revert if the amount being approved is greater than uint96(-1).

    function _approveCollateralTokenForAave(address _collateralToken) internal {
        // Ensure the collateral token is registered before setting approval.
        if (_collateralTokenToWToken[_collateralToken] == address(0)) {
            revert CollateralTokenNotRegistered();
        }
        uint256 currentAllowance = IERC20Metadata(_collateralToken).allowance(address(this), _aaveV3Pool);
        // Using OpenZeppelin's `safeIncreaseAllowance` to accommodate tokens like USDT on Ethereum that
        // require the approval to be set to zero before setting it to a non-zero value.
        // Flagged line: the allowance is increased by type(uint256).max - currentAllowance.
        IERC20Metadata(_collateralToken).safeIncreaseAllowance(_aaveV3Pool, type(uint256).max - currentAllowance);
    }

As a result, reapproving these tokens may fail.

Recommendations

Approve to 0 first, then approve to max.


Pool operations can be DoSed if Aave supply cap is reached

Impact

Pool operations like addLiquidity and createContingentPool will fail if Aave's supply cap for the token is reached. In the Aave protocol, some assets have borrow or supply caps. Borrowing or supplying beyond this cap is not possible. The contract doesn't check this cap. It also doesn't check whether the isFrozen flag is set. If the isFrozen flag is set, the deposit will always revert when an attempt is made to deposit into the strategy.

    function _handleTokenOperations(address _collateralToken, uint256 _collateralAmount, address _wToken) private {
        // Transfer collateral token from the caller to this contract. Requires prior approval by the caller
        // to transfer the collateral token to the AaveDIVAWrapper contract.
        IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);
        // Supply the collateral token to Aave and receive aTokens. Approval to transfer the collateral token from this contract
        // to Aave was given when the collateral token was registered via `registerCollateralToken` or when the
        // allowance was set via `approveCollateralTokenForAave`.
        IAave(_aaveV3Pool).supply(
            _collateralToken, // Address of the asset to supply to the Aave reserve.
            _collateralAmount, // Amount of asset to be supplied.
            address(this), // Address that will receive the corresponding aTokens (`onBehalfOf`).
            0 // Referral supply is currently inactive, you can pass 0 as referralCode. This program may be activated in the future through an Aave governance proposal.
        );
        // Mint wTokens associated with the supplied asset, used as a proxy collateral token in DIVA Protocol.
        // Only this contract is authorized to mint wTokens.
        IWToken(_wToken).mint(address(this), _collateralAmount);
    }
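
The cap and frozen-flag checks this finding says are missing could look like the following view-only pre-check. This is an added example, not code from the submission or from AaveDIVAWrapper. The library, interface and error names and the `aToken` parameter are hypothetical; the bit positions are those of Aave V3's reserve configuration bitmap.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: minimal views of Aave V3's Pool and aToken, not AaveDIVAWrapper code.
struct ReserveConfigurationMap {
    uint256 data;
}

interface IPoolConfigView {
    function getConfiguration(address asset) external view returns (ReserveConfigurationMap memory);
}

interface IATokenSupplyView {
    function totalSupply() external view returns (uint256);
}

library AaveSupplyPrecheck {
    error ReserveNotAcceptingSupply(bool active, bool frozen, bool paused);
    error SupplyCapExceeded(uint256 headroom, uint256 requested);

    // Bit layout of ReserveConfigurationMap.data in Aave V3.
    uint256 private constant DECIMALS_SHIFT = 48; // bits 48-55
    uint256 private constant ACTIVE_BIT = 56;
    uint256 private constant FROZEN_BIT = 57;
    uint256 private constant PAUSED_BIT = 60;
    uint256 private constant SUPPLY_CAP_SHIFT = 116; // bits 116-151, whole tokens, 0 = uncapped

    /// Reverts early, with a reason, when `supply(asset, amount, ...)` would be rejected by Aave.
    /// `aToken` (hypothetical parameter) is the reserve's aToken address.
    function requireSuppliable(address pool, address asset, address aToken, uint256 amount) internal view {
        uint256 cfg = IPoolConfigView(pool).getConfiguration(asset).data;
        bool active = ((cfg >> ACTIVE_BIT) & 1) == 1;
        bool frozen = ((cfg >> FROZEN_BIT) & 1) == 1;
        bool paused = ((cfg >> PAUSED_BIT) & 1) == 1;
        if (!active || frozen || paused) revert ReserveNotAcceptingSupply(active, frozen, paused);

        uint256 capTokens = (cfg >> SUPPLY_CAP_SHIFT) & ((1 << 36) - 1);
        if (capTokens == 0) return; // no supply cap configured

        uint256 cap = capTokens * uint256(10) ** ((cfg >> DECIMALS_SHIFT) & 0xFF);
        // Approximation: Aave also counts interest accrued to its treasury, so the true
        // headroom can be slightly smaller than computed here.
        uint256 supplied = IATokenSupplyView(aToken).totalSupply();
        uint256 headroom = cap > supplied ? cap - supplied : 0;
        if (amount > headroom) revert SupplyCapExceeded(headroom, amount);
    }
}
```

A pre-check like this does not lift the cap or unfreeze the reserve; it only replaces an opaque revert from inside Aave with an error the caller can act on.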

Recommendations

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[Invalid] No way to remove collateral tokens

This is invalid. If the collateral token is not supported by Aave or invalid, the `registerCollateralToken` will revert. If the collateral token is deprecated by Aave due to a given issue, this is a known issue: "Integration risk with both Aave V3 and DIVA Protocol - vulnerabilities in either protocol may affect AaveDIVAWrapper."
