HardhatDeFi
15,000 USDC
Submission Details
Severity: low
Invalid

Lack of Flexibility for Referral Code Management

Summary

The _handleTokenOperations function handles the transfer, supply, and minting of tokens for collateral management in the DIVA Protocol. It currently passes a referral code of 0 when interacting with the Aave protocol, while the documentation indicates that referral codes could be activated through a governance proposal in the future. The implementation has no mechanism to update or customize this referral code, which could lead to missed opportunities or inefficiencies.

Vulnerability Details

The following code snippet in _handleTokenOperations specifies a hardcoded referral code of 0 when interacting with Aave:

    IAave(_aaveV3Pool).supply(
        _collateralToken, // Address of the asset to supply to the Aave reserve.
        _collateralAmount, // Amount of asset to be supplied.
        address(this), // Address that will receive the corresponding aTokens (`onBehalfOf`).
        0 // Referral supply is currently inactive, you can pass 0 as referralCode. This program may be activated in the future through an Aave governance proposal.
    );

Aave’s governance may enable referral programs in the future, allowing projects to earn incentives by including their referral code. The absence of a way to update the referral code creates a rigid implementation and may require future redeployment of the contract to accommodate governance changes.

Impact

Lost Opportunities for Revenue: If Aave enables referral codes, the protocol could miss out on potential incentives for every supply operation.

Tools Used

Manual review

Recommendations

Introduce Referral Code Configurability
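
One way to implement this recommendation, as an added example that is not code from the DIVA Protocol or from the submission. The contract name, the owner role, setReferralCode, _supplyToAave and the event are assumptions made for illustration; the setter is access-controlled because it introduces a privileged role that the hardcoded version does not have.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal interface; supply() matches the Aave V3 Pool signature.
interface IAave {
    function supply(address asset, uint256 amount, address onBehalfOf, uint16 referralCode) external;
}

// Hypothetical contract for illustration, not the project's implementation.
contract ReferralConfigurableSupplier {
    address public immutable aaveV3Pool;
    address public immutable owner; // assumption: a single privileged owner
    uint16 public referralCode;     // defaults to 0, the value hardcoded today

    event ReferralCodeUpdated(uint16 oldCode, uint16 newCode);

    error NotOwner();
    error ZeroAddress();

    constructor(address _aaveV3Pool, address _owner) {
        if (_aaveV3Pool == address(0) || _owner == address(0)) revert ZeroAddress();
        aaveV3Pool = _aaveV3Pool;
        owner = _owner;
    }

    // Only the owner may change the code; every change is logged so that
    // off-chain monitoring can alert on unexpected updates.
    function setReferralCode(uint16 _newCode) external {
        if (msg.sender != owner) revert NotOwner();
        emit ReferralCodeUpdated(referralCode, _newCode);
        referralCode = _newCode;
    }

    // Supply step only: the token transfer and the approval to the pool are
    // assumed to have been done by the caller, as in the surrounding function.
    function _supplyToAave(address _collateralToken, uint256 _collateralAmount) internal {
        IAave(aaveV3Pool).supply(
            _collateralToken,  // Asset to supply to the Aave reserve.
            _collateralAmount, // Amount of asset to be supplied.
            address(this),     // Receiver of the aTokens (`onBehalfOf`).
            referralCode       // Stored value instead of the literal 0.
        );
    }
}
```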

Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
