Melodic Mocha Aardvark
Medium
The contract allows for loan fulfillment through functions like acceptBorrowRequest
, acceptLoanOffer
, and acceptLoanOfferAndFillOrder
. Meanwhile, these functions don't include explicit slippage protection mechanisms.
Relavant parts
function acceptBorrowRequest(
Proposal calldata proposal,
uint256 fulfillAmount
) external nonReentrant whenNotPaused {
_assertProposalIsBorrowRequest(proposal);
_acceptOffer(proposal, fulfillAmount);
}
function acceptLoanOffer(Proposal calldata proposal, uint256 fulfillAmount) external nonReentrant whenNotPaused {
_assertProposalIsLoanOffer(proposal);
_acceptOffer(proposal, fulfillAmount);
}
function _acceptOffer(Proposal calldata proposal, uint256 fulfillAmount) private {
uint256 collateralAmountRequired = _calculateCollateralAmountRequired(proposal, fulfillment, fulfillAmount);
}
The point here is that
-
The
fulfillAmount
is provided by the caller without any slippage checks. -
There's no mechanism to specify a minimum or maximum acceptable collateral amount.
-
The contract doesn't compare the execution conditions with current market rates or expected values.
-
No response
No response
No response
- The nature of the fulfillment calculation makes these transactions potential targets for MEV
- fulfillment transactions can be front-runned even though expiration check
- The contract allows partial fulfillment, which could lead to unexpected execution if market conditions change rapidly
No response
No response