Aave DIVA Wrapper

Summary

The AaaveDivaWrapperemits an event and returns a variable for most of the functions, but most impportantly for this submission - removeLiquidityand batchRemoveLiquidity.

However, there are no event emissions nor return variable in addLiquidityand batchAddLiquidity.

Which is inconsistent with the rest of the contract.

Vulnerability Details

IAaveDivaWrapperdoes not have an event that corresponds to an event where a user adds liquidity - either in batchAddLiquidityor addLiquidity.

There are events that correspond to the remainder of actions that happen via AaveDivaWrapperand AaveDivaWrapperCore.

In fact, all event emissions are handled and emitted via AaveDivaWrapperCore.

Here are the return variable declarations and event emissions for removeLiquidityevents. The same logic is used in batchRemoveLiquidity- the event is emitted after each iteration, and the return variable _amountReturnedis stored in an array and returned as an array after all iterations.

However, the addLiquidityand batchAddLiquidityfunctions do not emit any event or return a value that symbolizes the amount of liquidity added.

Impact

When a user adds liquidity to a pool via AaveDivaWrapper- neither a return variable symbolizing the amount of liquidity added nor an event emission of the add liquidity event will be done.

Tools Used

Recommendations

The function can follow the consistency of the rest of the contract if an event is emitted along with the addLiquidityevent and a return variable of amountof liquidity added.

For batchAddLiquidity, follow the logic of removeLiquidity- storing the amount of liquidity added after each iteration in an array and return the array of amounts after all iteration. In AaveDivaWrapperCore- emit an event after each iteration, same flow as in batchRemoveLiquidity.