@cmichelio
The rewards per market are proportional to their totalBorrows which can be changed by a large holder who deposits lots of collateral, takes out a huge borrow in the market, updates the rewards, and then unwinds the position.
They'll only pay gas fees as the borrow / repay can happen in the same block.
The Comptroller.refreshCompSpeeds function only checks that the single transaction is called from an EOA, but miners (or anyone if a miner offers services like flash bundles for flashbots) can still run flash-loan-like attacks by first sending a borrow tx increasing the totalBorrows, then the refreshCompSpeeds transaction, and then the repay of the borrow, as miners have full control over the transaction order of the block.
The new rate will then persist until the next call to refreshCompSpeeds.
Attackers have an incentive to drive up the rewards in markets they are a large supplier/borrower in.
The increased rewards that the attacker receives are essentially stolen from other legitimate users.
Make it an admin-only function or use a time-weighted total borrow system similar to Uniswap's price oracles.
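As an added illustration, not code from this report or from the protocol's Comptroller, the constructed Python model below puts the two reward rules side by side: the spot rule (speed proportional to the current totalBorrows at refresh time) and a time-weighted rule built on a Uniswap-style accumulator (running sum of totalBorrows times seconds). The market names, balances, timestamps and the `Market` bookkeeping are assumptions chosen to show why a same-block borrow/refresh/repay sequence moves the spot rule but not the time-weighted one.

```python
from dataclasses import dataclass


@dataclass
class Market:
    """Minimal model of one lending market's borrow accounting (constructed, not protocol code)."""
    name: str
    total_borrows: int           # spot totalBorrows, the value a refreshCompSpeeds-style call reads
    cumulative: int = 0          # sum of totalBorrows * seconds, a Uniswap-style accumulator
    last_update: int = 0         # timestamp the accumulator was last advanced to
    refresh_cumulative: int = 0  # accumulator value at the previous speed refresh
    refresh_time: int = 0        # timestamp of the previous speed refresh

    def accrue(self, now):
        # Advance the accumulator before totalBorrows is allowed to change.
        self.cumulative += self.total_borrows * (now - self.last_update)
        self.last_update = now

    def set_borrows(self, now, new_total):
        self.accrue(now)
        self.total_borrows = new_total


def spot_speeds(markets, comp_rate):
    """Vulnerable rule: each market's speed is proportional to its spot totalBorrows."""
    total = sum(m.total_borrows for m in markets)
    return {m.name: comp_rate * m.total_borrows // total for m in markets}


def time_weighted_speeds(markets, comp_rate, now):
    """Hardened rule: weight by the average totalBorrows since the previous refresh."""
    avg = {}
    for m in markets:
        m.accrue(now)
        elapsed = now - m.refresh_time
        if elapsed <= 0:
            raise ValueError("refresh needs at least one second since the previous refresh")
        avg[m.name] = (m.cumulative - m.refresh_cumulative) // elapsed
        m.refresh_cumulative, m.refresh_time = m.cumulative, now
    total = sum(avg.values())
    return {name: comp_rate * a // total for name, a in avg.items()}


def simulate(comp_rate=1_000_000):
    """Two equal markets for one day, then a same-block borrow spike in A around the refresh."""
    a, b = Market("A", 1000), Market("B", 1000)
    t = 86_400                        # one day after the previous refresh
    a.set_borrows(t, 10_000)          # large borrow lands just before the refresh
    spot = spot_speeds([a, b], comp_rate)
    twa = time_weighted_speeds([a, b], comp_rate, t)
    a.set_borrows(t, 1000)            # position unwound in the same block
    return spot, twa
```

With the spot rule, market A captures about 91% of the reward rate from a position that existed for zero seconds; the time-weighted rule still splits it 50/50 because a zero-duration spike adds nothing to the accumulator.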