We are currently investigating the attack on sDOLA LlamaLend markets. Investigation shows that it is made possible by a combination of which price oracle is used for sDOLA (e.g. whether affected by donation attacks) vs how much sDOLA existed outside of collateral in this market. The attacker made a relatively small profit, but the attack emphasized the importance of handling vault collaterals in a specific manner in LlamaLend. Borrowers who borrowed against sDOLA were liquidated, lenders are unaffected, and holders of sDOLA made some profit. Further investigation is ongoing to verify if any of other existing similar markets can be affected in future and making sure that LlamaLend V2 is made safe with even "donation-vulnerable" vault collaterals at all market sizes. Luckily, oracle code which was made for 2-way LL markets (not deployed) seems to be a good mitigation for such attacks for any vaults: we are studying that in details now to incorporate in all future markets with vault collateral.
YAM
@yieldsandmore
03-02
This is NOT an @InverseFinance exploit, but an issue with LlamaLend.
The exploiter liquidated practically all users who supplied sDOLA and borrowed crvUSD on Llamalend. He did a 'donation attack' on sDOLA, moving it from ~1.188 sDOLA = 1 DOLA to ~1.358 sDOLA = 1 DOLA.
We x.com/Phalcon_xyz/st…
From Twitter
Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Like
Add to Favorites
Comments
Share
