Security
Please note that although the platform is a fork of AAVE-v2 / POLTER, there are some changes implemented for additional security and safety of our users.
Common security protections
We have noticed that almost every exploit of other platforms has required the use of a smart contract. For that reason we protect users' funds by not allowing smart contracts to borrow from the lending pool unless they are whitelisted. This feature alone protects against most market threats.
Flash Loan Protections
Flash loan attacks happen when an attacker borrows funds from another lending platform such as AAVE and then uses these funds to manipulate the price oracle of an asset and borrow in a single transaction.
This has happened to many protocols but most recently: https://rekt.news/polter-finance-rekt/
Flash loan attacks are prevented by only using Chainlink + Uniswap V3 TWAP oracles.
These oracles cannot be manipulated by flash loans.
Flash loan attacks are prevented by not allowing smart contracts to borrow from the pool.
Trusted third parties can be whitelisted to allow borrowing.
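Why a time-weighted price does not follow a spot move that is made and undone inside one transaction, shown as an added example that is not the platform's code. It is a simplified Python model of a Uniswap V3 style tick accumulator. The tick values, the 30-minute window and the 12-second hold are constructed assumptions, and the page does not say which window the platform uses or how the Chainlink feed is combined with the TWAP.

```python
# Added illustration (not the platform's code): a simplified model of a
# Uniswap V3 style oracle, which accumulates tick * seconds so that the
# average tick over a window is (cumulative_end - cumulative_start) / window.
from bisect import bisect_right

BASE_TICK = 69000    # constructed sample value
SPIKE = 23027        # constructed: about a 10x move in spot price
WINDOW = 1800        # assumed 30-minute TWAP window, in seconds


def price_ratio(tick_delta: float) -> float:
    """Price multiple implied by a tick difference (price = 1.0001 ** tick)."""
    return 1.0001 ** tick_delta


class TickOracle:
    def __init__(self, start: int, tick: int):
        # Each entry: (timestamp, tick*seconds so far, tick in force from here)
        self.obs = [(start, 0, tick)]

    def set_tick(self, now: int, new_tick: int) -> None:
        t, cum, tick = self.obs[-1]
        if now < t:
            raise ValueError("timestamps must not decrease")
        if now == t:
            # Same timestamp: the replaced tick was in force for zero seconds.
            self.obs[-1] = (t, cum, new_tick)
        else:
            self.obs.append((now, cum + tick * (now - t), new_tick))

    def cumulative_at(self, when: int) -> int:
        i = bisect_right([o[0] for o in self.obs], when) - 1
        if i < 0:
            raise ValueError("window starts before the first observation")
        t, cum, tick = self.obs[i]
        return cum + tick * (when - t)

    def twap_tick(self, now: int, window: int = WINDOW) -> float:
        return (self.cumulative_at(now) - self.cumulative_at(now - window)) / window


def twap_after_spike(held_seconds: int, now: int = 3600) -> float:
    """TWAP tick at `now` after spot sat at BASE_TICK + SPIKE for held_seconds."""
    oracle = TickOracle(0, BASE_TICK)
    oracle.set_tick(now - held_seconds, BASE_TICK + SPIKE)
    oracle.set_tick(now, BASE_TICK)
    return oracle.twap_tick(now)
```

In this model `twap_after_spike(0)` returns the base tick unchanged, while a spot price held about 10x higher for 12 seconds moves the 30-minute TWAP by about 1.5%.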
Empty Market Protections
In AAVE, when a new market is deployed, it is vulnerable to being exploited when there are no funds in it. This is what happened to SONNE finance: https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06
We prevent this by requiring funds to be added when a new market is created. These funds are used to mint some initial aTokens, which are then sent to a burn address. This ensures the market is never empty.
This is required when creating a new market. If for any reason the mint or burn fails, the new market will not be created. This is enforced within the smart contract itself.
Finally, we will also implement best practices of deploying a market in a single TX using the multisig wallet and timelock.