Aave DIVA Wrapper

DIVA

HardhatDeFi

15,000 USDC

View results

Previous Next

Submission Details

Severity: low

Valid

Lack of Update/Removal Mechanisms for Key Contract Variables

bshyuunn

01. Relevant GitHub Links

02. Summary

The AaveDIVAWrapper contract defines several critical variables—particularly _diva, _aaveV3Pool, and mappings like _collateralTokenToWToken—which are only set once. There are no functions allowing the contract owner (or any other entity) to either update or remove these references. Consequently, if a collateral token turns out to be invalid, deprecated, or otherwise compromised, there is no mechanism to delete it. Similarly, if _diva or _aaveV3Pool addresses need to change (e.g., due to upgrades or identified security issues), there is no built-in function to facilitate this.

03. Vulnerability Details

Irremovable Collateral Tokens

Mappings such as:

// Mappings between collateral tokens (e.g., USDC or USDT) to their corresponding wTokens, which are used as

// proxy collateral tokens in DIVA Protocol. Set by contract owner via `registerCollateralToken`.

mapping(address => address) private _collateralTokenToWToken;

mapping(address => address) private _wTokenToCollateralToken;

are set using registerCollateralToken but lack any function to remove a registered collateral token. This means if a token is mistakenly added or later becomes unsafe, there is no direct way to unregister or replace it.

Immutable Core Addresses

The constructor sets _diva and _aaveV3Pool once:

constructor(address diva_, address aaveV3Pool_, address owner_) Ownable(owner_) {

if (diva_ == address(0) || aaveV3Pool_ == address(0)) {

revert ZeroAddress();

}

_diva = diva_;

_aaveV3Pool = aaveV3Pool_;

...

}

No function exists to update these addresses. If _diva or _aaveV3Pool need to change for any reason (e.g., contract upgrades, identified vulnerabilities, or protocol migrations), there is no built-in flexibility to do so.

This design choice appears to prioritize simplicity and trust that the initially set addresses will remain valid indefinitely. However, in decentralized finance (DeFi), protocol upgrades or the need to deprecate certain tokens are relatively common. A complete lack of update/removal mechanisms can hinder the protocol’s ability to adapt and mitigate unforeseen issues.

04. Impact

Operational Risk: If the registered collateral token becomes deprecated or if there is a security flaw with the token contract, the AaveDIVAWrapper contract cannot remove or replace it. This may force the entire system to rely on an unsafe or useless token indefinitely or require a full contract migration.

05. Tools Used

Manual Code Review and Foundry

06. Recommended Mitigation

Implement a function (restricted to the contract owner) allowing the removal of any collateral token from _collateralTokenToWToken and _wTokenToCollateralToken. This ensures that invalid or compromised tokens can be deprecated.
Provide functions to update _diva and _aaveV3Pool if necessary. These can be restricted through onlyOwner or a more robust governance mechanism to prevent unauthorized changes.

Updates

Lead Judging Commences

bube Lead Judge 5 months ago

Submission Judgement Published

Validated

Assigned finding tags:

Immutable Aave pool address

Prize pool breakdown

Total prize

15,000 USDC

nSLOC

519

29 USDC / LOC

High Medium

14,000

Low

1,000

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.