liquity / bold

Liquity v2 monorepo containing the contracts, subgraph and frontend.
https://www.liquity.org/liquity-v2

CS Note 8.12: Zapper Remove Manager Requires Increased Trust #506

Open bingen opened 1 month ago

bingen commented 1 month ago

The zappers implement the same delegation scheme as the core system. There is a removeManager and a receiver, which can be set to different addresses. In the core system, the removeManager cannot directly profit or cause losses by making malicious changes, because the receiver will receive the funds.

In the zappers, the removeManager can directly profit and cause losses by making malicious changes, because they can decide the parameters of the swaps made in the leverage functions. Swapping at bad exchange rates (and sandwiching those swaps) can cause losses to the owner of the trove.

As a result, the trust required in a removeManager that is not also the receiver is higher in the zapper than in the core system.

bingen commented 1 month ago

This is a natural consequence of the increased power (perform swaps) that Leverage Zappers have.
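The following sketch is an added illustration, not Liquity code, of the trust gap the issue describes: the swap parameters in a zapper's leverage path are chosen by the caller, so a removeManager who is not the receiver controls the exchange rate the owner's trove is exposed to. The `IExchange` interface, the `minRateWad` owner-set floor and the function names are all assumptions introduced for the example; the "checked" variant shows one way an owner-controlled bound can cap what a delegated manager can lose for the owner.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical exchange interface (assumption, not the project's swap path).
interface IExchange {
    function swapCollForBold(uint256 collIn, uint256 minBoldOut) external returns (uint256 boldOut);
}

// Simplified sketch, not Liquity code: a trove owner may delegate to a
// removeManager while a separate receiver gets the withdrawn funds.
contract ZapperDelegationSketch {
    uint256 constant WAD = 1e18;
    IExchange public immutable exchange;

    mapping(uint256 => address) public troveOwner;
    mapping(uint256 => address) public removeManager;
    mapping(uint256 => address) public receiver;
    // Owner-controlled slippage floor in WAD (BOLD per unit of collateral).
    // Only the owner can set it; the removeManager cannot.
    mapping(uint256 => uint256) public minRateWad;

    constructor(IExchange _exchange) { exchange = _exchange; }

    function _requireOwnerOrManager(uint256 troveId) internal view {
        require(msg.sender == troveOwner[troveId] || msg.sender == removeManager[troveId], "not authorised");
    }

    function setMinRate(uint256 troveId, uint256 rateWad) external {
        require(msg.sender == troveOwner[troveId], "only owner");
        minRateWad[troveId] = rateWad;
    }

    // Pattern the issue describes: the caller (possibly a removeManager who is
    // not the receiver) chooses the swap parameters, so minBoldOut = 0 is accepted
    // and a bad-rate or sandwiched swap costs the trove owner.
    function leverDownUnchecked(uint256 troveId, uint256 collIn, uint256 minBoldOut) external returns (uint256) {
        _requireOwnerOrManager(troveId);
        return exchange.swapCollForBold(collIn, minBoldOut);
    }

    // Hardened variant: the owner's floor applies whoever calls, so a manager
    // cannot push the swap below a rate the owner has accepted.
    function leverDownChecked(uint256 troveId, uint256 collIn, uint256 minBoldOut) external returns (uint256) {
        _requireOwnerOrManager(troveId);
        uint256 floor = collIn * minRateWad[troveId] / WAD;
        require(minBoldOut >= floor, "minBoldOut below owner floor");
        uint256 out = exchange.swapCollForBold(collIn, minBoldOut);
        require(out >= floor, "swap output below owner floor");
        return out;
    }
}
```

An owner who leaves `minRateWad` at zero gets the unchecked behaviour, so the floor only reduces the trust required in a removeManager when the owner actually sets it.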