Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Expiry Time Validation in _addLiquidity Function Allows Adding Liquidity to Expired Pools

ayoashy

Summary

The addLiquidity function in the AaveDIVAWrapperCore contract fails to validate the expiry time of the target pool. This omission enables users to add liquidity to pools that have already expired, violating the intended lifecycle of DIVA Protocol pools and potentially leading to financial losses or protocol misuse.

Vulnerability Details

The _addLiquidity function interacts with DIVA Protocol's addLiquidity method to deposit collateral into an existing pool identified by _poolId.
While the function retrieves the pool's parameters (including expiryTime), it does not check whether the pool has expired (block.timestamp >= expiryTime).

Impact

Users could unknowingly add liquidity to expired pools, leading to irrecoverable funds if the pool’s outcome is already determined.

Tools Used

Manual review

Recommendations

Modify the AaveDivaWrapperCore::_addLiquidity function to include a check ensuring the current block timestamp is before the pool’s expiry time:

Updates

Lead Judging Commences

bube Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.