Risks We Mitigate

Lending protocols depend on several components, such as collateral assets, price oracles, and liquidation mechanisms, and each of them can fail. Below is an overview of risks faced by lending protocols and how Sova Guard helps mitigate them:

  • Oracle reports an invalid price: Sova Guard validates on-chain prices by fetching the latest data from external aggregators such as CoinGecko and from decentralized exchanges with significant liquidity. If the on-chain price deviates significantly from the market price, the dashboard displays an error.

  • Stale oracle price: We monitor the timestamp of the latest price update on-chain and flag failures if the data is outdated, ensuring the protocol uses the most recent price information.

  • Malicious deployment in the lending market: Using on-chain explorers, we verify smart contract factory addresses to confirm that deployments are official protocol components and not unauthorized versions.

  • Human error in lending market setup: Issues such as a price with an extra zero or swapped oracles for two assets are detected by the price correctness engine, which shows failures on the UI.

  • Known attack vector - oracle using spot price from a DEX: We simulate large swaps on blockchain forks to detect oracles whose reported price can be moved by a single trade, so the manipulation is caught before it can be exploited.

  • Known attack vector - ERC4626 assets as borrowable: We validate market setup configurations to alert on common misconfigurations and simulate generic attacks, including donation attacks, to confirm that funds remain safe.

  • The owner is still the deployer key (ownership was not renounced): We verify the smart contract setup to ensure that the key contracts are controlled by the DAO rather than by an individual deployer key.
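The two oracle checks above (price deviation against external references, and staleness against an update heartbeat) are simple enough to show in code. The following is an added example, not Sova Guard's own implementation; the threshold values, the `check_oracle_price` / `check_market` names and the sample market data are assumptions constructed for illustration.

```python
from statistics import median

# Thresholds are illustrative assumptions, not Sova Guard's production settings.
DEFAULT_MAX_DEVIATION = 0.02   # 2% tolerated gap between on-chain and reference median
DEFAULT_HEARTBEAT_S = 3600     # oracle must have updated within the last hour

def check_oracle_price(onchain_price, reference_prices, last_update_ts, now_ts,
                       max_deviation=DEFAULT_MAX_DEVIATION,
                       heartbeat_s=DEFAULT_HEARTBEAT_S):
    """Return a list of failure strings for one asset's oracle (empty list = healthy).

    reference_prices maps a source name (aggregator or liquid DEX) to its quote.
    The median of the references is used so one bad external source cannot
    by itself trigger or suppress an alert.
    """
    failures = []
    if onchain_price <= 0:
        # A zero or negative price is never valid; no point comparing further.
        return ["invalid: non-positive on-chain price"]
    if not reference_prices:
        failures.append("no reference prices available for comparison")
    else:
        ref = median(reference_prices.values())
        deviation = abs(onchain_price - ref) / ref
        if deviation > max_deviation:
            # Catches both manipulated feeds and setup errors such as an extra
            # zero in the price or two assets' oracles swapped with each other.
            failures.append(f"deviation {deviation:.1%} exceeds {max_deviation:.1%} "
                            f"(on-chain {onchain_price}, reference median {ref})")
    age = now_ts - last_update_ts
    if age > heartbeat_s:
        failures.append(f"stale: last update {age}s ago exceeds heartbeat {heartbeat_s}s")
    return failures

def check_market(market, now_ts, **thresholds):
    """Run the per-asset check over a whole market; returns {asset: [failures]}."""
    return {name: check_oracle_price(now_ts=now_ts, **cfg, **thresholds)
            for name, cfg in market.items()}

# Constructed sample market: a healthy stablecoin, a stablecoin whose oracle was
# configured with an extra zero, and a token whose feed has not updated in two hours.
NOW = 1_700_000_000
SAMPLE_MARKET = {
    "USDC":  {"onchain_price": 1.0002, "reference_prices": {"coingecko": 1.0, "dex_a": 1.0005},
              "last_update_ts": NOW - 600},
    "USDT":  {"onchain_price": 10.0, "reference_prices": {"coingecko": 1.0, "dex_a": 1.0005},
              "last_update_ts": NOW - 600},
    "STALE": {"onchain_price": 1.0, "reference_prices": {"coingecko": 1.0},
              "last_update_ts": NOW - 7200},
}

if __name__ == "__main__":
    for asset, problems in check_market(SAMPLE_MARKET, NOW).items():
        print(asset, "OK" if not problems else problems)
```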

Our automated system continuously validates the security of lending protocols through these checks, which are executed every few minutes. Beyond automated verification, our Core Team conducts manual reviews of collateral assets that answer questions such as:

  • Is it possible to instantly redeem the token for the underlying asset?

  • Who has the authority to pause redemptions?

  • Can the asset issuer control the underlying liquidity?

  • Is there any redemption queue?
