Currently there are no Health Factor checks when strategists borrow from Aave V3, or Morpho Blue. This can be abused in the following scenario.
1. A malicious strategist sees a Chainlink DataFeed update TX in the mempool that will lower the price of a lending pool's collateral.
2. The strategist builds a rebalance TX such that they leverage into that specific collateral to lower the BoringVault's health factor to just above 1.
3. The strategist builds a liquidation TX to liquidate the BoringVault.
4. The strategist submits the following bundle to a block builder:
   - Rebalance TX
   - Chainlink DataFeed update TX
   - Liquidation TX
The result is that the strategist is able to liquidate the BoringVault's position. It is important to note that such an attack is not entirely risk-free, as the block builder could choose to submit their own liquidation TX.
Fix
Create a micro manager that runs a health factor check after making a manageVaultWithMerkleVerification call. This micro manager's root should contain the target lending protocol's deposit, borrow, repay, and withdraw functions, and additionally flash loan capabilities. The strategist's root would not contain any of the lending protocol's functions described above.
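A sketch of the micro manager described in the fix, written here as an added example rather than code from the boring-vault repository. The manager interface and its manageVaultWithMerkleVerification parameter list, the contract name, and the 1.2e18 threshold are assumptions; Aave V3's IPool.getUserAccountData is the real view used to read the vault's health factor.

```solidity
pragma solidity ^0.8.20;
// Added illustration of the proposed fix, not boring-vault code. The manager signature
// below is assumed; Aave V3's IPool.getUserAccountData is the real interface.
interface IManagerWithMerkleVerification {
    function manageVaultWithMerkleVerification(
        bytes32[][] calldata manageProofs, address[] calldata decodersAndSanitizers,
        address[] calldata targets, bytes[] calldata targetData, uint256[] calldata values
    ) external;
}

interface IAaveV3Pool {
    // Returns (totalCollateralBase, totalDebtBase, availableBorrowsBase,
    // currentLiquidationThreshold, ltv, healthFactor). healthFactor is 1e18-scaled
    // and type(uint256).max when the account has no debt.
    function getUserAccountData(address user)
        external view returns (uint256, uint256, uint256, uint256, uint256, uint256);
}

/// Micro manager: the only role whose Merkle root carries the Aave deposit/borrow/
/// repay/withdraw and flash loan leaves. The strategist's own root has none of them,
/// so every leveraged rebalance must go through this post-call health factor check.
contract AaveHealthFactorMicroManager {
    IManagerWithMerkleVerification public immutable manager;
    IAaveV3Pool public immutable pool;
    address public immutable boringVault;
    address public immutable strategist;
    uint256 public immutable minHealthFactor; // 1e18-scaled, e.g. 1.2e18 (assumed policy value)
    error NotStrategist();
    error HealthFactorTooLow(uint256 healthFactor, uint256 minimum);

    constructor(address _manager, address _pool, address _vault, address _strategist, uint256 _minHf) {
        manager = IManagerWithMerkleVerification(_manager);
        pool = IAaveV3Pool(_pool);
        boringVault = _vault;
        strategist = _strategist;
        minHealthFactor = _minHf;
    }

    function manageWithHealthCheck(
        bytes32[][] calldata proofs, address[] calldata decoders,
        address[] calldata targets, bytes[] calldata data, uint256[] calldata values
    ) external {
        if (msg.sender != strategist) revert NotStrategist();
        // Run the rebalance first, then read the vault's post-state; reverting undoes the rebalance.
        manager.manageVaultWithMerkleVerification(proofs, decoders, targets, data, values);
        (, , , , , uint256 hf) = pool.getUserAccountData(boringVault);
        if (hf < minHealthFactor) revert HealthFactorTooLow(hf, minHealthFactor);
    }
}
```

For Morpho Blue the same wrapper would have to compute the collateral-to-debt ratio itself from the market's oracle price and the vault's position, since Morpho Blue exposes no health factor view.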