TL;DR

Curve interaction can be front-run (risk that seems to be accepted by most in the space)

The way minRatio is used is "unintuitive"; would suggest refactoring, or at least adding sanity checks in setMinRatio ← For this strat, minRatio should be above 150

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/2b66f1d9-3847-4627-8f87-565d37f3561f/Screenshot_2021-06-01_at_15.23.58.png

Would recommend using same oracle system as Unit Protocol → Mitigated in new PR

May be worth it to trim down some of the requires in _withdrawSome, as they seem needless

Extra: Review of latest PR

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/d28ccc6f-a391-4842-8c13-488bd4fbc6a2/Screenshot_2021-06-01_at_14.42.44.png

Discrepancy between collateralDecimal and renbtc_collateral_decimal: would recommend checking that they match, and checking the constructor argument to ensure it's correct

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/4fc24d81-6d24-49cb-8b91-d92914cfa936/Screenshot_2021-06-01_at_14.43.15.png

Bounty URL

https://gitcoin.co/issue/Badger-Finance/badger-system/121/100025756

Context given by author

In general, this strategy will collateralize renBTC in Unit Protocol to mint USDP, the stablecoin, and then single-sided LP in Curve for CRV yield farming. Slippage protection is added for single-sided USDP in and out. In short, the strategy profit comes from CRV emission (no boost).

Unit Protocol uses Chainlink for the renBTC collateral price feed, thus making it quite secure against price manipulation. The interface of its CDPManager is quite straightforward: a join() method allows deposit of collateral and minting of stablecoin, while another exit() method allows redeeming collateral and paying back debt.

This strategy provides a view function currentRatio() to gain insight into how safe the collateralization is. If the collateral-value-to-debt ratio drops below the predefined minimum minRatio (usually safe from the liquidation threshold set by Unit Protocol), a keeper bot should call keepMinRatio() to pay back some debt by withdrawing USDP from the Curve pool to avoid a risky situation.

Unit Protocol has undergone some audits by Certik/MixBytes/LevelK and is well-supported by Yearn/Andre.
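
The setMinRatio sanity check and the collateral-decimals check recommended in the TL;DR, together with the keepMinRatio() repayment described in the author's context, as an added Python model of the integer arithmetic (not the strategy's Solidity code). The function names, the percent units, the 18-decimal debt token, the whole-dollar price and all sample amounts are assumptions made for this example; the 150 floor is the value given in the review.

```python
"""Integer model of the ratio checks discussed above (illustrative only)."""

LIQUIDATION_FLOOR = 150  # percent; the review says minRatio should be above this
DEBT_DECIMALS = 18       # assumption: the debt token (USDP) uses 18 decimals


def validate_min_ratio(new_ratio: int) -> int:
    """Sanity check a setMinRatio-style setter could enforce before storing."""
    if new_ratio <= LIQUIDATION_FLOOR:
        raise ValueError(f"minRatio {new_ratio} must be above {LIQUIDATION_FLOOR}")
    return new_ratio


def collateral_value(amount: int, collateral_decimals: int, price_usd: int) -> int:
    """Value of `amount` raw collateral units, expressed in raw debt-token units.

    A wrong `collateral_decimals` silently rescales the result, which is why
    the review asks that the two decimals settings match.
    """
    return amount * price_usd * 10**DEBT_DECIMALS // 10**collateral_decimals


def current_ratio(value: int, debt: int) -> int:
    """Collateral-to-debt ratio in percent, rounded down like Solidity division."""
    if debt == 0:
        return 2**256 - 1  # model choice: no debt means nothing to liquidate
    return value * 100 // debt


def debt_to_repay(value: int, debt: int, min_ratio: int) -> int:
    """Debt a keepMinRatio-style call must repay to get back to min_ratio."""
    validate_min_ratio(min_ratio)
    max_debt = value * 100 // min_ratio  # largest debt still satisfying min_ratio
    return max(0, debt - max_debt)


if __name__ == "__main__":
    unit = 10**DEBT_DECIMALS
    # Constructed sample: 1 renBTC (8 decimals) at 36,000 USD, 20,000 USDP debt.
    value = collateral_value(10**8, 8, 36_000)
    debt = 20_000 * unit
    print("ratio:", current_ratio(value, debt))                 # 180
    print("repay:", debt_to_repay(value, debt, 200) // unit)    # 2000
    # Same position priced with 18 decimals instead of 8: the ratio collapses.
    print("mismatch:", current_ratio(collateral_value(10**8, 18, 36_000), debt))  # 0
```

Because `max_debt` is rounded down, the ratio after repayment is never below `min_ratio`.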