Hardhat, DeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Missing Expiry Time Validation in _addLiquidity Function Allows Adding Liquidity to Expired Pools

Summary

The addLiquidity function in the AaveDIVAWrapperCore contract fails to validate the expiry time of the target pool. This omission enables users to add liquidity to pools that have already expired, violating the intended lifecycle of DIVA Protocol pools and potentially leading to financial losses or protocol misuse.

Vulnerability Details

  • The _addLiquidity function interacts with DIVA Protocol's addLiquidity method to deposit collateral into an existing pool identified by _poolId.

  • While the function retrieves the pool's parameters (including expiryTime), it does not check whether the pool has expired (block.timestamp >= expiryTime).

Impact

Users could unknowingly add liquidity to expired pools, leading to irrecoverable funds if the pool’s outcome is already determined.

Tools Used

Manual review

Recommendations

Modify the AaveDIVAWrapperCore::_addLiquidity function to include a check ensuring the current block timestamp is before the pool’s expiry time:

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
