Every position gets its own UserProxy clone contract, so one user’s problems can’t spill over to another. The proxy only accepts calls from the FlashLeverage contract during normal operation, and the user can only call it directly if Manual Mode has been explicitly enabled by the contract owner. Ownership uses OpenZeppelin’s Ownable2Step for safe two-step transfers, and renounceOwnership() is disabled so the protocol always retains administrative capability. All flash loan callback handlers have reentrancy guards. The liquidation buffer is a compile-time constant that can’t be changed after deployment. Every function that modifies state validates its inputs: no zero addresses, no zero amounts, collateral tokens must be registered, positions must be open, and the resulting LTV must be within bounds.
Only routers that have been explicitly added by the owner can execute swaps. Every swap output is checked against the minTokenOut parameter. If a router gets compromised, the owner can remove it.
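A sketch of the router allowlist and minTokenOut check described above, as an added example rather than the protocol's own code. The contract, function and error names are hypothetical, and a plain owner variable stands in for Ownable2Step.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration: every name here is hypothetical, not the protocol's source.
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract RouterAllowlistSketch {
    address public immutable owner; // stand-in for the Ownable2Step owner
    mapping(address => bool) public isRouter;

    error NotOwner();
    error ZeroAddress();
    error ZeroAmount();
    error RouterNotAllowed(address router);
    error RouterCallFailed();
    error InsufficientOutput(uint256 received, uint256 minTokenOut);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor() { owner = msg.sender; }

    // The owner adds a router with allowed = true and removes a compromised one with false.
    function setRouter(address router, bool allowed) external onlyOwner {
        if (router == address(0)) revert ZeroAddress();
        isRouter[router] = allowed;
    }

    // Internal swap step: allowlist check, exact approval, balance-delta check.
    function _swap(
        address router, bytes memory data,
        IERC20Minimal tokenIn, uint256 amountIn,
        IERC20Minimal tokenOut, uint256 minTokenOut
    ) internal returns (uint256 received) {
        if (!isRouter[router]) revert RouterNotAllowed(router);
        if (amountIn == 0 || minTokenOut == 0) revert ZeroAmount();
        uint256 balanceBefore = tokenOut.balanceOf(address(this));
        tokenIn.approve(router, amountIn); // a SafeERC20 wrapper would handle non-standard tokens
        (bool ok, ) = router.call(data);
        if (!ok) revert RouterCallFailed();
        tokenIn.approve(router, 0); // leave no standing allowance behind
        // Measure what actually arrived instead of trusting the router's return value.
        received = tokenOut.balanceOf(address(this)) - balanceBefore;
        if (received < minTokenOut) revert InsufficientOutput(received, minTokenOut);
    }
}
```

Checking the balance delta and resetting the allowance after the call means a misbehaving router can neither report a false output amount nor keep spending rights once the swap returns.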
Recovery Mode is the main escape hatch. If funds get stuck in the FlashLeverage contract for any reason, the contract owner can enable Manual Mode on the affected positions, so that the position owner can interact with Morpho contracts directly to repay debt or withdraw collateral. The recover() function on UserProxy lets position owners retrieve any ERC20 tokens that ended up in the proxy by accident or accumulated as rewards.