Missing Balance Check Before Token Burn in _redeemWTokenPrivate Function
The "AaveDIVAWrapperCore::_redeemWTokenPrivate " function lacks a crucial balance check to verify if the "_wTokenAmount" exceeds the user's available balance before calling the burn function. Without this check, the function relies solely on the burn implementation to handle insufficient balances, which may lead to unexpected behavior or unclear error messages. This oversight could result in failed transactions, hinder user experience, and potentially introduce vulnerabilities if the burn function does not revert as intended. Adding a pre-burn balance validation ensures robust error handling and maintains the function's reliability.
Base on the comment on the "AaveDIVAWrapperCore::_redeemWTokenPrivate" we are suppose to check if the wTokenAmount exceeds the users balance
If _wTokenAmount exceeds the user's balance, the burn function will revert, causing the entire transaction to fail. However, this failure might not provide clear or user-friendly error messages, making debugging difficult.
Tools Used
uint256 userBalance = IWToken(_wToken).balanceOf(_burnFrom);
if (_wTokenAmount > userBalance) revert InsufficientBalance(_burnFrom, _wTokenAmount, userBalance);
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.