Coinspect identified a high risk issue, a missing requirement in a function that allowed attackers to force the system to enter Recovery Mode in order to liquidate troves. This finding was promptly fixed by Liquity’s team during the assessment and the resulting code was verified by Coinspect.
Coinspect also identified two medium risks issues, one shows how attackers could leverage flash loans to inflate system fees, the other calls attention to how after the introduction of batch liquidationsthe liquidators incentives were not always aligned with system health.
Liquity also addressed a low risk issue reported by Coinspect about missing checks in the liquidateBatch function.
Off-chain components such as the front-end were out of scope for this assessment.
Continue reading Coinspect's Liquity Smart Contract Audit report to learn more about how Liquity works and the details of the security issues identified.