|
|
|
|
|
|
by SilasX
1344 days ago
|
|
|
Not quite. Per this other comment[1], there's a difference between correctness vs fitness for purpose. The code was correct -- if, previously you had walked through the logic of the attack with them, the coders would have said, "yep, that's what we want it to do -- lend that much, based on those oracles' prices". They just didn't realize that there are dangers of using a price oracle for collateral valuation that has recently shown a sharp upward movement. (Which fals under "fitness for purpose".) So the code correctly lent to someone at Mango's current valuation, it just didn't require the optimal-in-hindsight collateral ratio for such a volatile asset. [1] https://news.ycombinator.com/item?id=33173028 |
|
|