code-423n4 / 2024-02-wise-lending-findings


Security breaches in Aave or Pendle Power Farms may lead to Wise Lending asset loss. #180

Closed c4-bot-8 closed 5 months ago

c4-bot-8 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/WrapperHub/AaveHub.sol#L122-L151

https://github.com/code-423n4/2024-02-wise-lending/blob/79186b243d8553e66358c05497e5ccfd9488b5e2/contracts/PowerFarms/PendlePowerFarmController/PendlePowerFarmController.sol#L113-L170

Vulnerability details

Impact

If an integrated system, such as Aave or Pendle Power Farms, experiences a security breach or exploit, it could lead to the loss of funds stored in the Wise Lending protocol. Attackers may be able to drain liquidity, steal assets, or manipulate the external system's functionality to their advantage.

Cascading failures in an integrated system can propagate to the Wise Lending protocol, causing cascading failures or unexpected behavior. For example, if Aave experiences a liquidity crisis or a critical bug, it could disrupt the borrowing and lending functionality in the Wise Lending protocol.

Proof of Concept

Integration with external systems, such as the Aave protocol and Pendle Power Farms, introduces additional security risks and considerations.

The AaveHub contract interacts with the Aave protocol for lending and borrowing functionality. The depositExactAmount function: AaveHub.sol#depositExactAmount

function depositExactAmount(
    uint256 _nftId,
    address _underlyingAsset,
    uint256 _amount
)
    public
    nonReentrant
    validToken(_underlyingAsset)
    returns (uint256)
{
    _safeTransferFrom(
        _underlyingAsset,
        msg.sender,
        address(this),
        _amount
    );

    uint256 lendingShares = _wrapDepositExactAmount(
        _nftId,
        _underlyingAsset,
        _amount
    );

    emit IsDepositAave(
        _nftId,
        block.timestamp
    );

    return lendingShares;
}

The depositExactAmount function transfers the underlying asset from the user to the AaveHub contract and then calls the internal _wrapDepositExactAmount function to interact with Aave for depositing the funds.

The PendlePowerFarmController contract integrates with Pendle Power Farms for yield farming functionality. The exchangeLpFeesForPendleWithIncentive function: PendlePowerFarmController.sol#exchangeLpFeesForPendleWithIncentive

function exchangeLpFeesForPendleWithIncentive(
    address _pendleMarket,
    uint256 _pendleChildShares
)
    external
    syncSupply(_pendleMarket)
    returns (
        uint256,
        uint256
    )
{
    // ...

    uint256 withdrawnAmount = IPendlePowerFarmToken(pendleChild).withdrawExactShares(
        _pendleChildShares
    );

    _safeTransfer(
        _pendleMarket,
        msg.sender,
        withdrawnAmount
    );

    // ...
}

The exchangeLpFeesForPendleWithIncentive function interacts with the Pendle Power Farms system to exchange LP fees for PENDLE tokens.

Integrating with external systems lacks comprehensive security checks and validation. For example, there are no explicit checks to verify the security or integrity of the Aave protocol or Pendle Power Farms before interacting with them. The protocol relies on the assumption that these external systems are secure and behave as expected.

The code does not include clear contingency plans or risk mitigation strategies to handle potential security incidents or failures in the integrated systems. There are no explicit mechanisms to pause or halt interactions with external systems in case of detected vulnerabilities or anomalies.

Consider a scenario where a critical vulnerability is discovered in the Aave protocol, allowing attackers to drain funds from Aave's liquidity pools. An attacker exploits this vulnerability and steals a significant amount of funds from Aave. As a result, the Wise Lending protocol, which integrates with Aave, is impacted. Users who have deposited funds into Aave through the Wise Lending protocol may lose their assets, and the protocol's overall liquidity and functioning could be severely disrupted.

Tools Used

VS Code

Recommended Mitigation Steps

Implement secure integration mechanisms, such as using secure communication channels, authentication, and authorization protocols when interacting with external systems.

Assessed type

Other
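The post above refers to pausing interactions with an external system and to trusting what that system returns. As an added example (not code from the Wise Lending repository or from the post), this sketch shows a per-integration pause switch and a balance-delta check on the value returned by `withdrawExactShares`; the contract name, `guardian` role, `guardedWithdraw` helper, errors and event are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces. withdrawExactShares is the call quoted in the post;
// everything else in this file is hypothetical and for illustration only.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
}

interface IPendlePowerFarmToken {
    function withdrawExactShares(uint256 shares) external returns (uint256);
}

abstract contract GuardedIntegration {
    address public immutable guardian; // hypothetical role allowed to pause
    mapping(address => bool) public integrationPaused;

    error NotGuardian();
    error IntegrationPaused(address integration);
    error AmountMismatch(uint256 reported, uint256 received);

    event IntegrationPauseSet(address indexed integration, bool paused);

    constructor(address _guardian) {
        guardian = _guardian;
    }

    // Halt or resume calls to one external system without touching the others.
    function setIntegrationPaused(address _integration, bool _paused) external {
        if (msg.sender != guardian) revert NotGuardian();
        integrationPaused[_integration] = _paused;
        emit IntegrationPauseSet(_integration, _paused);
    }

    // Withdraw from the external token, then confirm the reported amount equals
    // what this contract actually received before the value is used further.
    function guardedWithdraw(address _pendleChild, address _asset, uint256 _shares)
        internal
        returns (uint256)
    {
        if (integrationPaused[_pendleChild]) revert IntegrationPaused(_pendleChild);

        uint256 balanceBefore = IERC20Minimal(_asset).balanceOf(address(this));
        uint256 reported = IPendlePowerFarmToken(_pendleChild).withdrawExactShares(_shares);
        // Reverts on underflow if the balance went down instead of up.
        uint256 received = IERC20Minimal(_asset).balanceOf(address(this)) - balanceBefore;

        if (received != reported) revert AmountMismatch(reported, received);
        return received;
    }
}
```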

c4-pre-sort commented 6 months ago

GalloDaSballo marked the issue as insufficient quality report

GalloDaSballo commented 6 months ago

Unclear risk + I think it should go in analysis

vm06007 commented 5 months ago

Out of scope as well, I think, since it was mentioned that Aave protocol risks (since it is an upgradable proxy) should not be included.

c4-judge commented 5 months ago

trust1995 marked the issue as unsatisfactory: Invalid