Critical-risk tools in Justlend
20 of the 96 tools in Justlend are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
return_energy_rentalDestructiveReturn (cancel) an active energy rental. As a renter, provide the receiver address.
-
claim_rewardsFinancialClaim accrued JustLend mining rewards for the configured wallet.
-
claim_strx_rewardsFinancialClaim all available sTRX staking rewards.
-
deposit_jst_for_votesFinancialDeposit JST into the WJST contract to get voting power.
-
moolah_borrowFinancialFlexible Moolah borrow entry point.
-
moolah_liquidateFinancialLiquidate an undercollateralized Moolah position.
-
moolah_repayFinancialRepay a Moolah market loan.
-
moolah_supply_collateralFinancialSupply collateral into a Moolah market to enable borrowing.
-
moolah_vault_depositFinancialDeposit assets into a Moolah ERC4626 vault to earn yield.
-
moolah_vault_withdrawFinancialWithdraw underlying assets from a Moolah vault by specifying the asset amount.
-
moolah_withdraw_collateralFinancialWithdraw collateral from a Moolah market.
-
rent_energyFinancialRent energy from JustLend for a specified receiver address.
-
repayFinancialRepay borrowed assets to a JustLend market.
-
supplyFinancialSupply (deposit) assets into a JustLend market to earn interest.
-
transfer_trc20FinancialTransfer TRC20 tokens to another TRON address.
-
transfer_trxFinancialTransfer TRX to another TRON address.
-
withdrawFinancialWithdraw (redeem) supplied assets from a JustLend market.
-
withdraw_allFinancialWithdraw ALL supplied assets from a JustLend market by redeeming all jTokens.
-
withdraw_votes_from_proposalFinancialWithdraw (reclaim) votes from a completed or canceled proposal.
-
withdraw_votes_to_jstFinancialWithdraw WJST back to JST. Can only withdraw votes that are not currently locked in active proposals.
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.