ebtc-protocol/ebtc

Spearbit: Whale Sniper POC and Mitigation

Opened this issue · 2 comments

GalloDaSballo commented

https://discord.com/channels/883432404780466176/1118240163093565561/1126108851926736907

Current idea for mitigation:

  • Claim Fee Split before each external operation as to avoid a negative CR movement that can be triggered by an attacker
GalloDaSballo commented

Suggested Mitigation:

  • Every external function should claim fee split before checking for invariants
  • 👍1
rayeaster commented

POC:

Currently without suggested mitigation, attacker could maliciously trigger Recovery Mode by opening CDP (and claim split fee)
7efb8fc#diff-5ddca7889d3b2863c5275d1be6235a1e27e5ddbe694626bd13aa7c12b8099443R599