Liquity / liquity-bold competition

Liquity v2 is a collateralized debt platform. Users can lock up WETH and/or select LSTs, and issue stablecoin tokens (BOLD) to their own Ethereum address. The individual collateralized debt positions are called Troves. The stablecoin tokens are economically geared towards maintaining value of 1 BOLD = $1 USD, due to the following properties:

The system is designed to always be over-collateralized - the dollar value of the locked collateral exceeds the dollar value of the issued stablecoins.
The stablecoins are fully redeemable - users can always swap x BOLD for $x worth of a mix of WETH and LSTs (minus fees), directly with the system.
The system incorporates an adaptive interest rate mechanism, managing the attractiveness and thus the demand for holding and borrowing the stablecoin in a market-driven way.

Upon opening a Trove by depositing a viable collateral ERC20, users may issue ("borrow") BOLD tokens such that the collateralization ratio of their Trove remains above the minimum collateral ratio (MCR) for their collateral branch. For example, for an MCR of 110%, a user with $10000 worth of WETH in a Trove can issue up to 9090.90 BOLD against it.

The BOLD tokens are freely exchangeable - any Ethereum address can send or receive BOLD tokens, whether it has an open Trove or not. The BOLD tokens are burned upon repayment of a Trove's debt.

The Liquity v2 system prices collateral via Chainlink oracles. When a Trove falls below the MCR, it is considered under-collateralized, and is vulnerable to liquidation.

Prize distribution and scoring

Total Prize Pool: $350,000
The prize distribution has 3 possible triggers:
- If one or more valid critical severity findings are found, the total pot size is $350,000
- If one or more valid high severity but no critical severity findings are found, the total pot size is $250,000
- If one or more valid medium severity but no critical or high severity findings are found, the total pot size is $125,000
$7500 of the prize pot is reserved for Low Severity findings. These reports are judged based on quality and reviewers are then ranked from 1st to 5th for the purpose of prize allocation.
- 1st: $3,650
- 2nd: $1,825
- 3rd: $1,095
- 4th: $465
- 5th: $465

Severity definition:

Risk Classification Matrix

Severity level	Impact: High	Impact: Medium	Impact: Low
Likelihood: High	Critical/High (Conditional)	High	Medium
Likelihood: Medium	High	Medium	Low
Likelihood: Low	Medium	Low	Informational

Critical severity:

Critical severity is unlocked if a High severity finding results in losses from 10%-100% of the total TVL, using the split of Liquity V2 on mainnet as of 11 February 2025 (https://dune.com/liquity/liquity-v2).
Please note there must be sufficient information and undeniable Proof of concept which should be easily verifiable for the loss amount for the finding to be considered Critical with absolutely no ambiguity
Scoring described in the competition scoring page.
Findings Severities described in detail on our docs page.

Early Submission Incentive

To make sure the Liquity Protocol launch is completed on schedule, researchers are incentivized to submit Critical/High/Medium severity findings early, ie: as soon as one is found. The first valid submission will be rewarded an additional 20% reward, in comparison to its subsequent duplicates.

The finding must identify the root cause, highest valid impact and describe the finding with all the necessary details to consider it valid.
Please note that low quality or vague submissions or submissions that could be subject to interpretations will not be considered for the additional reward.
The escalation process will not apply for these rewards and there will be no discussion for these rewards. The decision made by the Judges/Liquity protocol team on these rewards will be final.
Example: If a finding has 5 duplicates.
- Using regular each of the duplicates would get $2000 each
- With the current incentive of 20%. The earliest valid submission gets $2307.72, and the rest of the duplicates get $1923.07 each.

Documentation

Scope

Repository: https://github.com/liquity/bold/

/contracts/src
├── ActivePool.sol
├── AddressesRegistry.sol
├── BoldToken.sol
├── BorrowerOperations.sol
├── CollateralRegistry.sol
├── CollSurplusPool.sol
├── DefaultPool.sol
├── Dependencies
│   ├── AddRemoveManagers.sol
│   ├── AggregatorV3Interface.sol
│   ├── Constants.sol
│   ├── LiquityBase.sol
│   ├── LiquityMath.sol
│   └── Ownable.sol
├── GasPool.sol
├── Interfaces
│   ├── IActivePool.sol
│   ├── IAddRemoveManagers.sol
│   ├── IAddressesRegistry.sol
│   ├── IBoldRewardsReceiver.sol
│   ├── IBoldToken.sol
│   ├── IBorrowerOperations.sol
│   ├── ICollateralRegistry.sol
│   ├── ICollSurplusPool.sol
│   ├── ICommunityIssuance.sol
│   ├── IDefaultPool.sol
│   ├── IInterestRouter.sol
│   ├── ILiquityBase.sol
│   ├── ILQTYStaking.sol
│   ├── ILQTYToken.sol
│   ├── IMainnetPriceFeed.sol
│   ├── IPriceFeed.sol
│   ├── IRETHPriceFeed.sol
│   ├── IRETHToken.sol
│   ├── ISortedTroves.sol
│   ├── IStabilityPoolEvents.sol
│   ├── IStabilityPool.sol
│   ├── ITroveEvents.sol
│   ├── ITroveManager.sol
│   ├── ITroveNFT.sol
│   ├── IWETH.sol
│   ├── IWSTETHPriceFeed.sol
│   └── IWSTETH.sol
├── PriceFeeds
│   ├── CompositePriceFeed.sol
│   ├── MainnetPriceFeedBase.sol
│   ├── RETHPriceFeed.sol
│   ├── WETHPriceFeed.sol
│   └── WSTETHPriceFeed.sol
├── SortedTroves.sol
├── StabilityPool.sol
├── TroveManager.sol
├── TroveNFT.sol
├── Types
│   ├── BatchId.sol
│   ├── LatestBatchData.sol
│   ├── LatestTroveData.sol
│   ├── TroveChange.sol
│   └── TroveId.sol
└── Zappers
    ├── BaseZapper.sol
    ├── GasCompZapper.sol
    ├── Interfaces
    │   ├── IExchange.sol
    │   ├── IExchangeHelpers.sol
    │   ├── IFlashLoanProvider.sol
    │   ├── IFlashLoanReceiver.sol
    │   └── ILeverageZapper.sol
    │   └── IZapper.sol
    ├── LeftoversSweep.sol
    ├── LeverageLSTZapper.sol
    ├── LeverageWETHZapper.sol
    ├── Modules
    │   ├── Exchanges
    │   │   ├── HybridCurveUniV3Exchange.sol
    │   │   └── HybridCurveUniV3ExchangeHelpers.sol
    │   └── FlashLoans
    │       ├── BalancerFlashLoan.sol
    │       ├── Balancer
    │           └── vault
    │               ├── IFlashLoanRecipient.sol
    │               └── IVault.sol
    └── WETHZapper.sol

Commit: 3533291df7a0610bd32421e09f5fbd779e2a342e
Total LOC: 6535

Note

Since the code has already undergone multiple audits, we believe reviews of the more complex aspects of the system will be most fruitful. That is:

Trove batches and batch management logic
Individual and aggregate interest accrual
Stability Pool - liquidations and reward arithmetic
Redistribution liquidations

Build Instructions

Please refer to the README of github repo for instructions
In the branch testing-sp there’s a permissionless version of the StabilityPool, which can be called directly without needing to open troves. It can be useful for fuzzing or testing mathematical properties. An example of use can be found in test/spPermissionless.t.sol

POC Rule

Mandatory POC rule applies for this competition

Out of scope

Previous security reports
- Recon - Core Protocol Audit Report, October 2024
- ChainSecurity - Core Protocol Audit Report, December 2024
- Dedaub - Core Protocol Audit Report I, August 2024
- Dedaub - Core Protocol Audit Report II, November 2024
- Certora - Formal Verification, December 2024
- Coinspect - Bold Core Smart Contract Audit, December 2024
Expected behaviors such as trusted/untrusted roles and/or any accepted risks
Known issues
- known-issues-and-mitigations
- wont-fix-issues
Lightchaser report:
- https://gist.github.com/ChaseTheLight01/93646325f26a666117d51c9e705b5392

Contact Us

For any issues or concerns regarding this competition, please reach out to the Cantina core team through the Cantina Discord.

Liquity / liquity-bold