Spearbit: Whale Sniper POC and Mitigation
GalloDaSballo commented
https://discord.com/channels/883432404780466176/1118240163093565561/1126108851926736907
Current idea for mitigation:
- Claim Fee Split before each external operation, so as to avoid a negative CR movement that can be triggered by an attacker
GalloDaSballo commented
Suggested Mitigation:
- Every external function should claim fee split before checking for invariants
rayeaster commented
POC:
Currently, without the suggested mitigation, an attacker could maliciously trigger Recovery Mode by opening a CDP (and claim the split fee)
7efb8fc#diff-5ddca7889d3b2863c5275d1be6235a1e27e5ddbe694626bd13aa7c12b8099443R599
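
The check-ordering problem discussed in this thread, as an added toy model that is not the project's code or any commenter's: an invariant check run against collateral that still includes an unclaimed fee split can pass, and the later claim then drops the system CR below the threshold. The `System` class, its method names, the 1.25 threshold and all numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

CCR = 1.25  # assumed Recovery Mode threshold for this toy model


class Revert(Exception):
    """Models a reverted transaction."""


@dataclass
class System:
    collateral: float   # total collateral, still including the unclaimed fee
    debt: float         # total debt, in collateral units at a fixed price
    pending_fee: float  # fee split accrued but not yet claimed

    def tcr(self) -> float:
        return self.collateral / self.debt

    def claim_fee_split(self) -> None:
        # Claiming moves the fee out of system collateral, lowering the TCR.
        self.collateral -= self.pending_fee
        self.pending_fee = 0.0

    def open_cdp(self, coll: float, debt: float, claim_first: bool) -> None:
        if claim_first:
            self.claim_fee_split()  # mitigation: claim before any invariant check
        # Invariant: the open must not leave the system below the threshold.
        if (self.collateral + coll) / (self.debt + debt) < CCR:
            raise Revert("open would put the system in Recovery Mode")
        self.collateral += coll
        self.debt += debt
        self.claim_fee_split()  # late claim; a no-op if already claimed


def run(claim_first: bool):
    """Return (outcome, system_in_recovery_mode) for one constructed open."""
    # Constructed state: stale TCR 1.30, with 4.0 units of fee split pending.
    s = System(collateral=130.0, debt=100.0, pending_fee=4.0)
    before = replace(s)  # snapshot so a revert rolls state back
    try:
        s.open_cdp(coll=11.0, debt=10.0, claim_first=claim_first)
    except Revert:
        return "reverted", before.tcr() < CCR
    return "opened", s.tcr() < CCR
```

With the late claim the open passes the check at 141/110 and leaves the system at 137/110, below the threshold; with the claim first the same open is rejected.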