Missing `supplyCollateral`, `borrowDebt`, and `repayDebt` functions leave positions unmanageable and exposed to liquidation
Missing supplyCollateral, borrowDebt, and repayDebt functions leave positions unmanageable and exposed to liquidation
Description
The README specifies the position owner's powers as:
Can create leveraged positions, unwind positions, supply additional collateral, withdraw collateral, borrow debt tokens, and repay debt
However, only three of these six functions are implemented:
| Documented Power | Implemented | Function |
|---|---|---|
| Create leveraged positions | Yes | createLeveragedPosition |
| Unwind positions | Yes | unwindPosition |
| Withdraw collateral | Yes | withdrawCollateral |
| Supply additional collateral | No | — |
| Borrow debt tokens | No | — |
| Repay debt | No | — |
The contract's IPool interface already defines supply, borrow, and repay — and the contract itself uses all three internally during flash loan callbacks — but none are exposed as owner-callable external functions.
The most critical missing function is supplyCollateral. When a leveraged position's health factor declines toward the liquidation threshold (e.g., due to collateral price dropping or debt token price rising), the only way to prevent Aave liquidation is to supply additional collateral. Without this function, the owner is forced to watch their position get liquidated with no ability to intervene.
Similarly, the absence of repayDebt means an owner cannot partially de-risk a position by repaying some debt to improve the health factor — the only option is a full unwindPosition, which is an all-or-nothing operation requiring a flash loan and a DEX swap.
The missing borrowDebt function prevents the owner from borrowing against excess collateral in their Aave position, reducing capital flexibility.
Risk
Likelihood:
Leveraged positions on Aave are inherently volatile — the health factor is a function of both collateral and debt token prices, which move continuously. Any position held for more than a short period will experience health factor fluctuations. During a market downturn, the owner needs to act quickly to add collateral or repay debt. Since the contract provides no mechanism for either action, the owner's only option when the health factor drops is to fully unwind the position (which itself may fail due to DEX slippage or flash loan availability during volatile markets) or accept liquidation. This is not an edge case: it is the normal lifecycle of a leveraged position.
Impact:
Positions approaching the liquidation threshold cannot be rescued. The owner has no way to supply additional collateral to improve the health factor, and no way to partially repay debt to reduce exposure. The only available action — full unwind — requires favorable market conditions to execute (DEX liquidity, acceptable slippage), which are precisely the conditions that are absent during the sharp price moves that cause health factor deterioration. This creates a scenario where positions are most likely to be liquidated exactly when the tools to prevent it are most needed and least available. Liquidation on Aave V3 incurs a 5–10% liquidation bonus penalty on the collateral, representing a direct and significant loss to the user.
Proof Of Concept
If you look through the Stratax.sol contract you can clearly see these functions are missing.
Recommended Mitigation
Add the three missing owner-callable functions:
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.
Rewards Distribution
The contest is complete and the rewards are being distributed.