Skip to content

Add Aave Lending Deposit and Withdrawal With Delegation #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MoMannn wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Add Aave Lending Deposit and Withdrawal With Delegation #136

MoMannn wants to merge 7 commits into from

Conversation

@MoMannn
Copy link
Contributor

@MoMannn MoMannn commented Jun 20, 2025
edited by hanzel98
Loading

What?

  • Test on how to best use delegations to deposit / withdraw funds for Aave v3 protocol.

Why?

  • Requested feature.

How?

  • By leveraging existing caveat enforcers

Notes

  • This PR includes a POC of the adapter that will be used for interacting with the Aave protocol. This adapter helps skip the ERC20 approval step and directly transfer ERC20 tokens using a delegation.

@MoMannn MoMannn requested a review from a team as a code owner June 20, 2025 13:09
@MoMannn MoMannn self-assigned this Jun 20, 2025
@MoMannn MoMannn requested a review from hanzel98 June 20, 2025 13:09
@hanzel98 hanzel98 added the new release This PR goes to the next release label Jun 25, 2025
@hanzel98 hanzel98 changed the title feat: Add Aave lending deposit and withdrawal with delegation Add Aave Lending Deposit and Withdrawal With Delegation Jun 26, 2025
cursor[bot]

This comment was marked as outdated.

Sign in to view

@hanzel98
Copy link
Contributor

hanzel98 commented Jul 2, 2025
edited
Loading

It is pending to validate if we prefer the simple withdrawByDelegation or withdrawByDelegationOpenEnded

If we decide that we want both options, then we need to unify the code to avoid code duplication and also apply the same approach to the other adapters.

cursor[bot]
cursor bot reviewed Jul 2, 2025
View reviewed changes
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Withdrawal Events Emit Incorrect Amount

The withdrawByDelegation and withdrawByDelegationOpenEnded functions incorrectly emit the WithdrawExecuted event with the requested _amount parameter. The aavePool.withdraw() function returns the actual amount withdrawn, which can differ from the requested amount (e.g., when type(uint256).max is used for full withdrawal). This leads to inaccurate event data.

src/helpers/AaveAdapter.sol#L186-L189

delegation-framework/src/helpers/AaveAdapter.sol

Lines 186 to 189 in 67a37fb

// Withdraw from Aave directly to the delegator
aavePool.withdraw(_token, _amount, msg.sender);
emit WithdrawExecuted(msg.sender, msg.sender, _token, _amount);

src/helpers/AaveAdapter.sol#L217-L220

delegation-framework/src/helpers/AaveAdapter.sol

Lines 217 to 220 in 67a37fb

// Withdraw from Aave directly to the delegator
aavePool.withdraw(_token, _amount, _delegations[0].delegator);
emit WithdrawExecuted(_delegations[0].delegator, msg.sender, _token, _amount);

Fix in Cursor

Bug: Allowance Overflow in SafeIncreaseAllowance

The _ensureAllowance function can cause an arithmetic overflow. If the current allowance is non-zero but insufficient, calling safeIncreaseAllowance with type(uint256).max will attempt currentAllowance + type(uint256).max, which overflows uint256 and reverts the transaction (due to Solidity 0.8+ overflow checks). This logical flaw, while unlikely in practice, can be resolved by using safeApprove to set the allowance directly to type(uint256).max or by calculating the precise increase amount.

src/helpers/AaveAdapter.sol#L93-L99

delegation-framework/src/helpers/AaveAdapter.sol

Lines 93 to 99 in 67a37fb

/// @param _amount Amount needed for the operation
function _ensureAllowance(IERC20 _token, uint256 _amount) private {
uint256 allowance_ = _token.allowance(address(this), address(aavePool));
if (allowance_ < _amount) {
_token.safeIncreaseAllowance(address(aavePool), type(uint256).max);
}
}

Fix in Cursor

Was this report helpful? Give feedback by reacting with 👍 or 👎

@hanzel98
Copy link
Contributor

hanzel98 commented Sep 3, 2025

This PR needs an RPC URL secret on github to work

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

@hanzel98 hanzel98 Awaiting requested review from hanzel98

At least 1 approving review is required to merge this pull request.

Assignees

@MoMannn MoMannn

Labels

new release This PR goes to the next release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MoMannn @hanzel98