MetaLend Audits and Security Updates
Live document updating the community on MetaLend's security practices and rolling improvements.
Last updated
Limit Order Audit:
Security Notes and Previous Announcements
In light of recent hacks in the DeFi space, we would like to provide an update for our community on MetaLend’s security practices as they relate to the vulnerabilities discovered in Euler.finance and Paraspace this past week.
On March 13, 2023, Euler.finance fell victim to a hack. Rest assured that MetaLend was not affected by this breach and does not have any similar vulnerabilities. The exploit was made possible by a flaw in the Euler protocol, which allowed users to donate collateral (eTokens) without undergoing any liquidity checks (against their dTokens). Using the recursive borrowing feature on Euler, the hackers were able to borrow 10 times their deposited amount and then donate a significant portion of the collateral to the protocol. This forced their account into a shortfall with an increased liquidation discount, in line with Euler's liquidation incentive policy. The hackers liquidated themselves from another account and made away with $200 million in profits.
At MetaLend, we prioritize security and have implemented strict measures to ensure our users' safety. Our protocol does not allow users to conduct any transfer or redeem actions without a liquidity check, and we do not currently support recursive borrowing, making such an attack impossible.
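The invariant described above, as an added Python model that is not MetaLend's or Euler's contract code: every action that removes collateral from an account re-checks liquidity and reverts if it would create a shortfall. The 80% collateral factor, the `Account` type, the function names and all amounts are assumptions made for illustration.

```python
from dataclasses import dataclass

COLLATERAL_FACTOR_BPS = 8_000  # assumed: borrow up to 80% of collateral value


class InsufficientLiquidity(Exception):
    """The action would leave the account under-collateralised."""


@dataclass
class Account:
    collateral: int  # value of supplied collateral (eTokens on Euler)
    debt: int        # value of outstanding borrows (dTokens on Euler)


def shortfall(acct: Account) -> int:
    """Debt not covered by risk-adjusted collateral; 0 means healthy."""
    limit = acct.collateral * COLLATERAL_FACTOR_BPS // 10_000
    return max(0, acct.debt - limit)


def donate_unchecked(acct: Account, amount: int) -> None:
    """Flawed pattern: collateral leaves the account with no liquidity check."""
    acct.collateral -= amount


def remove_collateral(acct: Account, amount: int) -> None:
    """Hardened path shared by transfer, redeem and donate: simulate the
    post-action state and revert if it would create a shortfall."""
    if not 0 < amount <= acct.collateral:
        raise ValueError("invalid amount")
    after = Account(acct.collateral - amount, acct.debt)
    if shortfall(after) > 0:
        raise InsufficientLiquidity(f"shortfall of {shortfall(after)}")
    acct.collateral = after.collateral


def demo() -> dict:
    """Constructed numbers: 1000 collateral, 700 debt, donation of 200."""
    flawed, hardened = Account(1000, 700), Account(1000, 700)
    donate_unchecked(flawed, 200)
    try:
        remove_collateral(hardened, 200)
        rejected = False
    except InsufficientLiquidity:
        rejected = True
    return {"flawed_shortfall": shortfall(flawed), "rejected": rejected,
            "hardened_collateral": hardened.collateral}
```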
On March 17th, an unrelated attack took place on ParaSpace. In this case, BlockSec tracked a vulnerability in ParaSpace’s scaledBalance contract, which allowed the attacker to borrow more tokens against their collateral than it was worth by following a six-step process outlined by BlockSec. The MetaLend protocol keeps each user’s liquidity separated when staking via a mediator contract, such that only the user that supplies tokens to the contract is able to take action on his or her token balance. This allows the protocol to ensure the security of each user's individual funds without risking those of other users, and prevents a similar attack from taking place on MetaLend.
We will continue to prioritize security to ensure our users have peace of mind while utilizing our platform, and welcome any feedback and suggestions!