Data provider can also be a liquidity provider which provides them with additional incentives to maliciously submit incorrect reference assets values.
Since removing liquidity will incur fees (in WTokens
) to be provided to data providers who report prices of reference assets in the pool that determine the final payouts, data providers now have additional incentives to game price of reference asset in their favor in order to earn more collateral.
When a user removes liquidity, a certain portion in fees in terms of pool collateral will be set aside for the data provider. Once claimed, the data provider will have access to the WToken which allows them to use it to add liquidity into existing contigent pools.
If the data provider address that receives the WToken and adds liquidity into a contigent pool where the address is also the reporter of the price of the reference assets, this allows them to manipulate the price of the reference assets to allow them to claim more collateral in return.
In LibDIVA.sol
Consider the following scenario
Alice, who is a data provider, receives WUSDC due to a user who calls AaveDIVAWrapper.removeLiquity
After some time, she accumulates fees that results in 100 WUSDC
She utilizes this 100 WUSDC to add liquidity into a existing contigent pool
She intentionally submits the price of the reference asset in her favor
She is now able to claim more collateral tokens (WTokens) back in return (more than her principal WToken).
Additional incentives for data providers to submit wrong price for reference assets.
Consider rewriting the logic or calling AaveDIVAWrapper.redeemWToken
for fee claiming to convert back to the underlying collateral before transferring fees back to the data provider when they attempt to claim fees.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.