This repository has been archived by the owner on Dec 17, 2023. It is now read-only.
0x52 - eMode implementation is completely broken #251
Labels
Has Duplicates
A valid issue with 1+ other issues describing the same vulnerability
High
A valid High severity issue
Reward
A payout will be made for this issue
Sponsor Confirmed
The sponsor acknowledged this issue is valid
Will Fix
The sponsor confirmed this issue will be fixed
0x52
high
eMode implementation is completely broken
Summary
Enabling eMode allows assets of the same class to be borrowed at much higher a much higher LTV. The issue is that the current implementation makes the incorrect calls to the Aave V3 pool making so that the pool can never take advantage of this higher LTV.
Vulnerability Detail
AaveLeverageStrategyExtension.sol#L1095-L1109
When calculating the max borrow/repay allowed, the contract uses the getReserveConfigurationData subcall to the pool.
AaveProtocolDataProvider.sol#L77-L100
The issue with using getReserveConfigurationData is that it always returns the default settings of the pool. It never returns the adjusted eMode settings. This means that no matter the eMode status of the set token, it will never be able to borrow to that limit due to calling the incorrect function.
It is also worth considering that the set token as well as other integrated modules configurations/settings would assume this higher LTV. Due to this mismatch, the set token would almost guaranteed be misconfigured which would lead to highly dangerous/erratic behavior from both the set and it's integrated modules. Due to this I believe that a high severity is appropriate.
Impact
Usage of eMode, a core function of the contracts, is completely unusable causing erratic/dangerous behavior
Code Snippet
AaveLeverageStrategyExtension.sol#L1095-L1109
Tool used
Manual Review
Recommendation
Pull the adjusted eMode settings rather than the base pool settings
The text was updated successfully, but these errors were encountered: