Below is an excerpt from the Medium article written today on 0VIX’s post mortem protocol exploit. 0VIX Exploit Post-Mortem & Steps to Recovery | by 0VIX | May, 2023 | Medium
Just wondering if the Radiant team is cognizant of the below paragraph excerpt and has better safety implementation on the protocol, seeing that the lending/borrowing portion of the protocol is a fork of AAVE. I believe using Chainlink feeds is already better, but wondering if there are any further details the team can share regarding mitigation of such intricate schemes.
*This incident highlights the risks of a toxic liquidation spiral once triggered. We take the opportunity to reiterate that this vulnerability is currently present in all DeFi protocols whose core codebase is based on Compound and AAVE forks, thus deserving urgent attention. Oracle prices can be manipulated in a multitude of ways, toxic liquidation spirals, on the other hand, always follow the same fundamental mechanic.*
*To prevent this now known common risk the team has already started working on remedying it. Liquidation incentives need to either scale with a liquidated user’s loan-to-value ratio or liquidations be halted altogether whenever a user’s loan-to-value crosses their toxic liquidation threshold. Implementing these changes on 0VIX requires significant changes to the core contracts. This involves considerable developer time, risk assessment and arranging new audits. Although the 0VIX core team was in the process of actively working through these, the exploit occurred before security changes and enhanced risk measures could be fully implemented.*
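
As an added illustration of the mechanic and the two mitigations named in the quoted excerpt (not code from 0VIX, Radiant, or the original post): a simplified single-collateral, single-debt model in which a liquidator repays debt and seizes collateral worth the repayment plus an incentive. The position values, the 10% incentive, the 50% close factor and all function names are constructed assumptions.

```python
from fractions import Fraction as F

def ltv(collateral, debt):
    return debt / collateral

def toxic_threshold(incentive):
    # Repaying r and seizing r*(1+incentive) raises LTV exactly when
    # debt*(1+incentive) > collateral, i.e. LTV > 1/(1+incentive).
    return 1 / (1 + incentive)

def liquidate(collateral, debt, repay, incentive):
    seized = min(repay * (1 + incentive), collateral)
    return collateral - seized, debt - repay

def scaled_incentive(collateral, debt, max_incentive):
    # Mitigation 1: cap the incentive at collateral/debt - 1, so a
    # liquidation cannot raise LTV while LTV < 1; zero once LTV >= 1.
    return max(F(0), min(max_incentive, collateral / debt - 1))

def guarded_liquidate(collateral, debt, repay, incentive):
    # Mitigation 2: refuse to liquidate past the toxic threshold.
    if ltv(collateral, debt) >= toxic_threshold(incentive):
        raise ValueError("halted: LTV is past the toxic liquidation threshold")
    return liquidate(collateral, debt, repay, incentive)

def ltv_path(collateral, debt, incentive_fn, close_factor=F(1, 2), rounds=3):
    # LTV before and after each successive liquidation round.
    path = [ltv(collateral, debt)]
    for _ in range(rounds):
        incentive = incentive_fn(collateral, debt)
        collateral, debt = liquidate(collateral, debt, debt * close_factor, incentive)
        path.append(ltv(collateral, debt))
    return path

if __name__ == "__main__":
    C, D, I = F(100), F(95), F(1, 10)   # constructed position, LTV 0.95
    print("threshold:", float(toxic_threshold(I)))
    print("fixed :", [round(float(x), 3) for x in ltv_path(C, D, lambda c, d: I)])
    print("scaled:", [round(float(x), 3)
                      for x in ltv_path(C, D, lambda c, d: scaled_incentive(c, d, I))])
```

With the fixed incentive the constructed position's LTV climbs past 1 within two rounds, leaving bad debt; with the scaled incentive it stays flat, and the guarded variant declines to liquidate it at all.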