Stratax Contracts

First Flight #57
Beginner Friendly, DeFi
100 EXP
Submission Details
Impact: medium
Likelihood: medium

Health Factor Validation Uses Static Threshold Without Accounting for Execution-Time Changes

Author Revealed upon completion

Root + Impact

Description

  • During leveraged position creation, the protocol validates safety by checking that the health factor is greater than 1e18 inside _executeOpenOperation.


require(healthFactor > 1e18);

This check assumes the calculated health factor remains valid throughout the entire execution flow. However, opening a leveraged position involves multiple external operations, including flash loans, token swaps via an aggregation router, and Aave supply/borrow interactions.

Because the health factor is validated only once and no safety buffer is enforced, execution-time changes such as swap slippage, oracle updates, or interest accrual may reduce the final health factor below safe levels.

As a result, a position can pass validation but end up very close to, or even below, the liquidation threshold immediately after creation.

Risk

Likelihood:

  • Swap aggregators introduce unavoidable slippage.

  • Market prices may change between calculation and final settlement.

  • Lending protocol state (interest/index updates) may slightly alter borrowing power.

These conditions occur regularly in live DeFi environments.

Impact:

  • Users may open positions that are instantly liquidatable.

  • Unexpected liquidations may occur despite passing protocol checks.

  • Protocol safety assumptions become unreliable.

Proof of Concept

Example scenario:

  1. User opens a leveraged position.

  2. Calculated health factor = 1.02, which passes validation.

  3. Swap execution returns fewer tokens due to slippage.

  4. Supplied collateral becomes lower than expected.

  5. Final health factor drops to 0.99.

  6. Position becomes liquidatable immediately after opening.

The protocol does not re-check the health factor after completing all operations.

Recommended Mitigation

Recalculate and validate the health factor after completing all leverage operations.

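// Re-read the health factor once the flash loan, swap and Aave supply/borrow have all completed.
uint256 finalHealthFactor = getHealthFactor(user);
// MIN_HEALTH_FACTOR should sit above 1e18 so that a safety buffer is enforced.
require(finalHealthFactor > MIN_HEALTH_FACTOR, "Unsafe position");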
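
The scenario and the re-check above, worked through numerically as an added example (not part of the original submission or the Stratax code base). It uses a simplified Aave-style health factor formula; the function names, the collateral and debt amounts, the 80% liquidation threshold and the 1.05 minimum are all constructed assumptions.

```python
# Added illustration: a simplified integer model, not Stratax or Aave code.
WAD = 10**18   # fixed-point scale of the 1e18 threshold
BPS = 10_000   # basis points

def health_factor(collateral: int, debt: int, liq_threshold_bps: int) -> int:
    """Aave-style health factor in WAD: collateral * liquidation threshold / debt."""
    if debt == 0:
        return 2**256 - 1  # no debt means nothing can be liquidated
    return collateral * liq_threshold_bps * WAD // (BPS * debt)

def open_position(expected_collateral, actual_collateral, debt,
                  liq_threshold_bps, min_final_hf=None):
    """Model one open. Returns (opened, pre_hf, final_hf).

    expected_collateral: amount the pre-execution calculation assumed.
    actual_collateral:   amount really supplied after the swap settles.
    min_final_hf:        None reproduces the single static check; a WAD value
                         adds the post-execution re-check with a buffer.
    """
    pre_hf = health_factor(expected_collateral, debt, liq_threshold_bps)
    if pre_hf <= WAD:                      # require(healthFactor > 1e18)
        return False, pre_hf, pre_hf
    final_hf = health_factor(actual_collateral, debt, liq_threshold_bps)
    if min_final_hf is not None and final_hf <= min_final_hf:
        return False, pre_hf, final_hf     # transaction reverts, nothing opens
    return True, pre_hf, final_hf

def min_collateral_for(debt: int, liq_threshold_bps: int, min_hf: int) -> int:
    """Smallest collateral giving health_factor(...) > min_hf (ceiling division)."""
    return -(-(min_hf + 1) * BPS * debt // (liq_threshold_bps * WAD))

# Constructed figures (base-currency units): 80% liquidation threshold.
DEBT, LT_BPS = 1_000_000, 8_000
EXPECTED, AFTER_SLIPPAGE = 1_275_000, 1_237_500   # about 2.94% short
MIN_HEALTH_FACTOR = 105 * WAD // 100              # assumed 5% buffer

if __name__ == "__main__":
    print(open_position(EXPECTED, AFTER_SLIPPAGE, DEBT, LT_BPS))
    print(open_position(EXPECTED, AFTER_SLIPPAGE, DEBT, LT_BPS, MIN_HEALTH_FACTOR))
    print(min_collateral_for(DEBT, LT_BPS, MIN_HEALTH_FACTOR))
```

With only the static check, the position opens at a health factor of 0.99; with the re-check it reverts, and `min_collateral_for` gives the collateral floor that a swap minimum-output bound would have to guarantee.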
