Aave DIVA Wrapper
DIVA
HardhatDeFi
15,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Missing Slippage Protection When Supplying to Aave in AaveDIVAWrapperCore::_ handleTokenOperations

sabanaku77

Summary

The _handleTokenOperations function in the AaveDIVAWrapperCore contract interacts with Aave V3 Pool's supply function to supply collateral tokens. However, the implementation lacks slippage protection, exposing users to potential value loss in certain edge cases.

Vulnerability Details

  • Function Affected: _handleTokenOperations

function _handleTokenOperations(address _collateralToken, uint256 _collateralAmount, address _wToken) private {
// Transfer collateral token from the caller to this contract. Requires prior approval by the caller
// to transfer the collateral token to the AaveDIVAWrapper contract.
IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);
// Supply the collateral token to Aave and receive aTokens. Approval to transfer the collateral token from this contract
// to Aave was given when the collateral token was registered via `registerCollateralToken` or when the
// allowance was set via `approveCollateralTokenForAave`.
@> IAave(_aaveV3Pool).supply(
@> _collateralToken, // Address of the asset to supply to the Aave reserve.
@> _collateralAmount, // Amount of asset to be supplied.
@> address(this), // Address that will receive the corresponding aTokens (`onBehalfOf`).
@> 0 // Referral supply is currently inactive, you can pass 0 as referralCode. This program may be activated in the future through an Aave governance proposal.
);
// Mint wTokens associated with the supplied asset, used as a proxy collateral token in DIVA Protocol.
// Only this contract is authorized to mint wTokens.
IWToken(_wToken).mint(address(this), _collateralAmount);
}

  • The supply function does not include any parameter or check to ensure that a minimum number of aTokens are received in exchange for the supplied collateral.

  • In scenarios such as high network congestion, MEV (Miner Extractable Value) attacks, or extreme market volatility, the amount of aTokens minted could deviate from the expected value, leading to potential value loss for users.

Impact

  • User Risk: Users supplying collateral through this function may receive fewer aTokens than expected, reducing their effective holdings.

  • Market Conditions: While Aave generally maintains a 1:1 ratio between assets and aTokens, temporary deviations during extreme conditions or protocol upgrades can exacerbate the issue.

Tools Used

  • Code Review: The vulnerability was identified through a manual review of the Solidity code, focusing on token supply operations.

  • Solidity Documentation: Verified the behavior of the supply function in Aave V3 Pool.

Recommendations

  1. Implement Slippage Protection:

    • Add the following code to enforce slippage protection in the _handleTokenOperations function:

function _handleTokenOperations(address _collateralToken, uint256 _collateralAmount, address _wToken, uint256 minExpectedATokens) private {
// Transfer collateral token from the caller to this contract. Requires prior approval.
IERC20Metadata(_collateralToken).safeTransferFrom(msg.sender, address(this), _collateralAmount);
// Record aToken balance before the supply operation.
+ uint256 aTokenBalanceBefore = IERC20Metadata(aTokenAddress).balanceOf(address(this));
// Supply the collateral token to Aave and receive aTokens.
IAave(_aaveV3Pool).supply(
_collateralToken,
_collateralAmount,
address(this),
0 // Referral code
);
// Record aToken balance after the supply operation.
+ uint256 aTokenBalanceAfter = IERC20Metadata(aTokenAddress).balanceOf(address(this));
// Ensure slippage protection.
+ require(
+ aTokenBalanceAfter - aTokenBalanceBefore >= minExpectedATokens,
+ "Slippage protection failed: received fewer aTokens than expected"
+ );
// Mint wTokens associated with the supplied asset.
IWToken(_wToken).mint(address(this), _collateralAmount);
}
Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.