DeFi lending protocol audit · 7 critical findings before mainnet

Pre-mainnet audit of a lending protocol on Ethereum L2. Invariant-based + fuzz + manual review. 7 critical, 12 high, 28 medium findings · all fixed before first tx.

THE PROBLEM

[1/3]

01Team had an internal review but wanted an independent pre-audit before the paid audit firm engagement.
02Aggressive mainnet deadline (6 weeks out); couldn't block it but had to catch obvious stuff.
03Protocol integrated with 3 external price oracles · high oracle-manipulation attack surface.
04Upgradeable proxy pattern with a 48h timelock · timelock config was half-wrong.

THE SOLUTION

[2/3]

Threat model built on day 1 (template now in /resources/smart-contract-threat-model-template.md).
Foundry invariant tests · 34 invariants, 200k runs each, ~3 hours total.
Halmos symbolic execution on core accounting functions (accrueInterest, repay, liquidate).
Echidna property-based fuzzing on the oracle wrapper for 72 hours.
Manual review of 2,800 lines of Solidity across 11 contracts · 3 senior reviewers, 2 weeks.

Technologies

SolidityFoundryHalmosSlitherEchidnaTenderly

THE OUTCOME

[3/3]

017 Critical findings (4 reentrancy edge cases, 2 oracle-manipulation, 1 timelock-bypass).
0212 High findings · access control, precision-loss, event-log gaps.
0328 Medium findings · gas optimizations, NatSpec gaps, edge behaviours.
04All Critical + High remediated before mainnet; re-audit ran clean.
05Post-deploy monitoring matrix shipped · TVL-delta alerts, oracle-staleness alerts, admin-call alerts.

Let's get started.

Send an email or book a 30-minute call.

Start a project Back to case studies