Full Security Audit + Invariant Testing · 2024
Liquity
Recon conducted a comprehensive invariant testing audit of Liquity v2 (BOLD), one of the most anticipated DeFi protocol launches. The audit exceeded client expectations in breadth and depth, uncovering several critical technical, arithmetic, and economic issues.
The Challenge
Liquity v2 is a complex lending protocol with novel economic mechanisms. The codebase featured intricate arithmetic for interest rate calculations, multi-collateral support, and new liquidation mechanics. Traditional auditing alone couldn't provide sufficient confidence in the mathematical correctness across all edge cases.
Our Approach
Recon applied a deep manual review combined with comprehensive invariant testing. We defined properties covering solvency, interest accrual correctness, liquidation mechanics, and collateral accounting. The fuzzing campaign ran millions of transaction sequences to validate these properties under adversarial conditions.
Findings
Arithmetic precision errors in interest calculations
Invariant testing revealed edge cases in interest rate calculations that could lead to accounting discrepancies over time.
Economic edge cases in liquidation mechanics
Fuzzing uncovered scenarios where specific sequences of market movements could lead to suboptimal liquidation outcomes.
Results
The audit uncovered several technical, arithmetic, and economic issues. Liquity's cofounder noted the breadth and depth exceeded expectations, particularly for what was primarily a solo effort. The invariant test suite continues to protect the protocol during ongoing development.
“We first met Alex during some excellent security discussions re: Liquity v1. The breadth and depth of his audit of our v2 exceeded expectations - particularly impressive for a solo effort. He uncovered several technical, arithmetic and economic issues and discussed them with us in detail. I'd highly recommend his manual reviews for any DeFi team that takes their security seriously.”
Rick, Cofounder at Liquity