Strategist could use DexAggregatorUManager, or DexSwapperUManager and still be able to extract value from the BoringVault

[crispymangoes]

Issue

The aforementioned micro managers perform value in vs value out checks on UniswapV3 and 1inch swaps. Even with these checks, the strategist could perform multiple swaps that barely pass the slippage check, in order to extract a larger amount of value over time.

Fix

The micro managers make this attack vector substantially messier, but not impossible. One possible solution would be to make the slippage requirements even stricter. Another one would be to add some rate limiting logic in the micro manager to prevent the strategist from swapping excessively.

The issue with both of the solutions above is they severely constrain the strategist to the point where I worry that they would not be able to take appropriate actions during a black swan event. Now we could implement one or both of these fixes, but then have separate micro managers, or just have a more trusted strategist multisig be able to perform swap actions without micro managers.

[Saraeutsza]

#16 (comment)