HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Some ERC20 tokens revert when transfer amount is zero which may affect the functionality of the `batchAddLiquidity` function.

Summary

The `AaveDIVAWrapperCore::_addLiquidity` function safe-transfers `collateralToken` from `msg.sender` to the protocol address to provide liquidity to the `aaveLiquidityPool`, but it does not check whether `_collateralAmount` is zero.

POC


Impact

Some ERC20 tokens, such as LEND, revert on a zero-amount transfer, which may cause transactions that involve other tokens (such as batch operations) to fully revert.
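
The failure mode described above, as an added example that is not part of the submission or of the AaveDIVAWrapper code base. `ZeroRevertToken`, `BatchDemo`, `batchPull` and `batchPullSkipZero` are hypothetical names; the mock token is constructed to reject zero-value transfers the way the report says LEND does.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed mock: rejects zero-value transfers (assumed behaviour, modelled on the report).
contract ZeroRevertToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        require(amount != 0, "zero transfer");
        allowance[from][msg.sender] -= amount; // checked arithmetic reverts on underflow
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical batch caller used only to show the atomicity problem.
contract BatchDemo {
    struct Item { ZeroRevertToken token; uint256 amount; }

    // One zero-amount item reverts the whole call, so the non-zero
    // items processed earlier in the same batch are rolled back too.
    function batchPull(Item[] calldata items) external {
        for (uint256 i = 0; i < items.length; i++) {
            items[i].token.transferFrom(msg.sender, address(this), items[i].amount);
        }
    }

    // Defensive variant: zero-amount items are skipped instead of reaching
    // the token, and the caller learns how many items were processed.
    function batchPullSkipZero(Item[] calldata items) external returns (uint256 processed) {
        for (uint256 i = 0; i < items.length; i++) {
            if (items[i].amount == 0) continue;
            items[i].token.transferFrom(msg.sender, address(this), items[i].amount);
            processed++;
        }
    }
}
```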

Tools Used

Manual Review

Recommendations

Add a zero-amount check at the beginning of the function.

function _addLiquidity(
bytes32 _poolId,
uint256 _collateralAmount,
address _longRecipient,
address _shortRecipient
) internal {
+ require(_collateralAmount !=0, "Invalid Collateral Amount");
// Verify that the collateral token used in the DIVA Protocol pool corresponds to a registered
// collateral token in the AaveDIVAWrapper contract. Returns zero address if the wToken is not registered.
IDIVA.Pool memory _pool = IDIVA(_diva).getPoolParameters(_poolId);
address _collateralToken = _wTokenToCollateralToken[_pool.collateralToken];
......
...
}
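
Review bot: the added `require(_collateralAmount !=0, "Invalid Collateral Amount");` at the top of `_addLiquidity` still reverts, so if `batchAddLiquidity` reaches this function with one zero-amount entry, the whole batch fails just as the Impact section describes. The check replaces the token's revert with the wrapper's own message and applies it to every collateral token, which helps diagnosis but does not keep the other entries alive. If that is the goal, handle the zero case per entry at the batch level (skip it or reject the batch during input validation) and say which behaviour is intended in the function's documentation. Style point: write `!= 0` with a space after the operator, and consider a custom error instead of a revert string if the code base uses them elsewhere.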
Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
