Melodic Mocha Aardvark
Medium
The contract allows for loan fulfillment through functions like acceptBorrowRequest, acceptLoanOffer, and acceptLoanOfferAndFillOrder. Meanwhile, these functions don't include explicit slippage protection mechanisms.
Relavant parts
function acceptBorrowRequest(
Proposal calldata proposal,
uint256 fulfillAmount
) external nonReentrant whenNotPaused {
_assertProposalIsBorrowRequest(proposal);
_acceptOffer(proposal, fulfillAmount);
}
function acceptLoanOffer(Proposal calldata proposal, uint256 fulfillAmount) external nonReentrant whenNotPaused {
_assertProposalIsLoanOffer(proposal);
_acceptOffer(proposal, fulfillAmount);
}
function _acceptOffer(Proposal calldata proposal, uint256 fulfillAmount) private {
uint256 collateralAmountRequired = _calculateCollateralAmountRequired(proposal, fulfillment, fulfillAmount);
}
The point here is that
-
The
fulfillAmountis provided by the caller without any slippage checks. -
There's no mechanism to specify a minimum or maximum acceptable collateral amount.
-
The contract doesn't compare the execution conditions with current market rates or expected values.
-
No response
No response
No response
- The nature of the fulfillment calculation makes these transactions potential targets for MEV
- fulfillment transactions can be front-runned even though expiration check
- The contract allows partial fulfillment, which could lead to unexpected execution if market conditions change rapidly
No response
No response