HardhatDeFi
15,000 USDC
Submission Details
Severity: medium
Invalid

Lack of redemption delay allows flash loan attacks (AaveDIVAWrapperCore::_redeemWToken)

Summary

The _redeemWToken function allows users to redeem wTokens without safeguards against flash loan attacks. This vulnerability enables attackers to exploit the contract by borrowing collateral, manipulating token supplies, and withdrawing the collateral in the same transaction.

Vulnerability Details

function _redeemWToken(address _wToken, uint256 _wTokenAmount, address _recipient) internal returns (uint256) {
    // Note: wTokens are not transferred to this contract. Instead, they are burnt from the caller's balance by this contract,
    // which has the authority to do so as the owner of the wToken. Therefore, no prior approval from the caller is needed.

    // Use the user's balance if `_wTokenAmount` equals `type(uint256).max`
    uint256 _userBalance = IERC20Metadata(_wToken).balanceOf(msg.sender);
    uint256 _wTokenAmountToRedeem = _wTokenAmount;
    if (_wTokenAmount == type(uint256).max) {
        _wTokenAmountToRedeem = _userBalance;
    }

    // Withdraw collateral token from Aave, burn wTokens and transfer collateral token to `_recipient`.
    // Reverts inside the wToken's burn function if the `_wTokenAmountToRedeem` exceeds the user's wToken balance.
    uint256 _amountReturned = _redeemWTokenPrivate(_wToken, _wTokenAmountToRedeem, _recipient, msg.sender);
    return _amountReturned;
}

  1. Function Behavior:

    • The _redeemWToken function burns wTokens from the user's balance and calls _redeemWTokenPrivate to withdraw collateral from Aave.

    • There is no restriction or time delay between minting wTokens and redeeming them, making the system vulnerable to flash loans.

  2. Flash Loan Exploit:

    • An attacker could use a flash loan to borrow a large amount of collateral.

    • The attacker deposits the collateral to mint wTokens.

    • Immediately, the attacker redeems wTokens to withdraw the collateral, repaying the loan and profiting from manipulated metrics (e.g., yield or token ratios).

  3. Dependencies:

    • _redeemWTokenPrivate: Handles withdrawal from Aave, burns wTokens, and transfers collateral.

    • _handleTokenOperations: Manages token minting and collateral deposits.

Impact

  • Potential Manipulation:

    • Yields, token supplies, or other protocol metrics may be manipulated.

  • Economic Loss:

    • Flash loan attacks could drain collateral or cause financial instability within the protocol.

Tools Used

  • Manual code review of the _redeemWToken function and related dependencies.

  • Analysis of transaction flow and state updates.

Recommendations

  1. Add a Minimum Holding Period:

    • Require a time delay between minting and redeeming wTokens to mitigate flash loan attacks.

+ mapping(address => uint256) public lastMintTimestamp;
function _redeemWToken(address _wToken, uint256 _wTokenAmount, address _recipient) internal returns (uint256)
{
// Note: wTokens are not transferred to this contract. Instead, they are burnt from the caller's balance by this contract,
// which has the authority to do so as the owner of the wToken. Therefore, no prior approval from the caller is needed.
+ require(block.timestamp > lastMintTimestamp[msg.sender] + MIN_HOLDING_PERIOD, "Flash loan prevention.");
// Use the user's balance if `_wTokenAmount` equals `type(uint256).max`
uint256 _userBalance = IERC20Metadata(_wToken).balanceOf(msg.sender);
uint256 _wTokenAmountToRedeem = _wTokenAmount;
if (_wTokenAmount == type(uint256).max) {
_wTokenAmountToRedeem = _userBalance;
}
// Withdraw collateral token from Aave, burn wTokens and transfer collateral token to `_recipient`.
// Reverts inside the wToken's burn function if the `_wTokenAmountToRedeem` exceeds the user's wToken balance.
uint256 _amountReturned = _redeemWTokenPrivate(_wToken, _wTokenAmountToRedeem, _recipient, msg.sender);
return _amountReturned;
}
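
Review bot: The added `require` on `lastMintTimestamp[msg.sender] + MIN_HOLDING_PERIOD` reads state that nothing in this patch writes, and `MIN_HOLDING_PERIOD` is not declared in the lines shown. As written, every `lastMintTimestamp` entry stays at zero, so the check passes for any caller once `block.timestamp` exceeds `MIN_HOLDING_PERIOD`. The patch needs the constant declared and a write such as `lastMintTimestamp[msg.sender] = block.timestamp;` in the mint path. The mapping is also keyed by address only, so a mint of one wToken would delay redemption of every other wToken held by the same address; keying on both `_wToken` and `msg.sender` would scope it. Finally, the key is the minting `msg.sender` while the balance is read through an ERC20 interface, so the timestamp does not follow wTokens that are moved to another address; the patch should handle that case or state why it is out of scope.
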
Updates

Lead Judging Commences

bube Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
