Case study
DeFi Lending Protocol
Solidity audit of a lending market. Identified a rounding-direction flaw that let attackers drain dust from liquidation rewards across positions.
Findings summary
Problem
The brief.
A pre-mainnet DeFi lending protocol needed a final audit before TVL onboarding. The team had already passed two prior contest audits; they wanted a dedicated review focused on precision edge cases and economic attacks under adversarial liquidation scenarios.
Approach
How we ran it.
Four-week Solidity audit. Built a Foundry invariant suite for liquidation math; tested rounding behavior under extreme price movements and partial liquidations. Reviewed the oracle dependency chain and MEV exposure.
Result
What changed.
One Critical rounding-direction flaw in liquidation bonus calculation — small positions rounded in the attacker’s favor, allowing dust extraction across thousands of liquidations. Three High findings in MEV sandwich exposure and flash-loan price-impact paths. All fixes verified pre-mainnet.
Methodology
What we did.
- Line-by-line Solidity review
- Foundry invariant + fuzzing suite
- Oracle + MEV exposure analysis
- Pre-mainnet fix verification
Outcome
Protocol launched to mainnet with zero post-launch incidents. Fix verified via the Foundry invariant suite, averting an estimated six-figure exploit loss.
Found a critical issue in our liquidation path that three prior audits had missed. Exploit was reproducible in Foundry within an hour. We shipped the fix the same week.