Lending & Borrowing Security Checklist
30 security checks for DeFi lending, CDP, and borrowing protocols, covering oracle manipulation, liquidation mechanics, interest rate precision, collateral management, flash loan exploits, and debt accounting. The checks are derived from real audit findings across Aave, Compound, MakerDAO, and 40+ lending protocols.
Threat Analysis
Key statistics from analyzing lending protocol audit findings:
• 2,800+ findings analyzed from real smart contract audits across major lending protocols
• 30 vulnerability patterns identified and categorized across 6 security domains
• 19 Critical/High items require immediate attention in any lending protocol audit
Automate with Krait CLI
53% of these checks can be automated against your codebase. 14 checks require manual review.
/krait:scan --deep
Oracle Price Manipulation via Flash Loans
[Critical] [Krait] Collateral/debt pricing uses spot AMM price or stale oracle, enabling flash loan price manipulation to trigger false liquidations
Chainlink Stale Price Acceptance
[Critical] [Krait] Missing staleness checks on Chainlink oracle responses allows use of outdated prices
Zero or Negative Price Handling
[High] Oracle returns zero or negative price without the protocol reverting, leading to incorrect valuations
Debt Token Decimal Mismatch
[High] [Krait] Debt tracking uses different decimals than borrowed asset, causing scaling errors in interest and liquidation
Cross-Asset Price Correlation Assumptions
[Medium] Protocol assumes price correlation between assets that can diverge (e.g., WBTC/BTC, stETH/ETH)
Liquidation Profitability Threshold
[Critical] [Krait] At extreme collateral ratios, liquidation becomes unprofitable — nobody liquidates, bad debt accumulates
Missing Liquidation Path for All Collateral Types
[High] [Krait] Some collateral types cannot be practically liquidated, leading to permanently stuck bad debt
Health Factor Stale During Callback
[High] [Krait] Health factor checked before transfer callback completes, allowing excess borrowing during reentrancy
Incorrect Liquidation Price Calculations
[High] Flawed liquidation price formulas allow positions to survive below threshold or trigger premature liquidation
Liquidation Cascades and Cliff Effects
[Medium] Multiple positions liquidating simultaneously cause price impact that triggers more liquidations
Interest Rate Calculation Precision Loss
[Critical] [Krait] Per-second interest compounding with truncation causes systematic underpayment, leading to protocol insolvency
Interest Accrual Skip on Zero Utilization
[High] [Krait] Interest only accrues when explicitly triggered, pausing during idle periods
Reserve Factor Inconsistency Across Paths
[High] [Krait] Reserve cut from interest applied differently between deposit, withdraw, and liquidate code paths
Compound Interest Overflow at Extremes
[High] Compound interest formula overflows at high rates or long durations, generating incorrect debt values
Bad Debt Accounting Drift
[Medium] Protocol does not track or socialize bad debt, allowing it to accumulate silently
Collateral Factor Misconfiguration by Volatility
[High] [Krait] Same collateral factor for assets with different volatilities leads to under-collateralization
Circular Collateral Valuation (Reflexive Risk)
[High] [Krait] Protocol's own token used as collateral while its value depends on TVL that includes itself
First Depositor Share Inflation (Vault-Based Lending)
[Critical] [Krait] ERC4626-style lending vaults without virtual offset allow first depositor to inflate share price
Collateral Value Manipulation via Donation
[High] Direct token transfers to the lending pool inflate collateral valuations without going through deposit logic
Frozen/Paused Market Still Accruing Debt
[Medium] When a market is frozen, existing positions continue accruing interest but users cannot repay or add collateral
Borrow-Repay Same Transaction (Zero-Duration Borrow)
[Critical] [Krait] Flash loan allows borrow and repay in same transaction, bypassing interest and gaining protocol benefits
Borrow Cap Bypass via Flash Loan
[High] [Krait] Flash loan temporarily reduces totalBorrowed, allowing excess borrowing past the cap
Flash Loan Liquidation Front-Running
[High] Attacker uses flash loan to push position underwater, liquidate, and profit in one transaction
Reward Claim Front-Running via Permissionless Function
[High] [Krait] Anyone can call claimRewards on behalf of any user, breaking assumed state or stealing rewards
External Protocol Dependency Shutdown
[High] [Krait] Protocol integrates with external protocols for yield — if they pause or deprecate, users cannot withdraw
Admin Can Modify Critical Parameters Without Timelock
[High] Admin can instantly change interest rates, collateral factors, or oracle sources without delay
Uncontrolled Ownership Transfer
[High] Ownership can be transferred to arbitrary address without confirmation, enabling protocol takeover
Emergency Withdrawal Bypass of Accounting
[High] Emergency withdrawal functions skip normal accounting, leaving protocol state inconsistent
Missing Pause/Circuit Breaker Mechanism
[Medium] Protocol has no way to pause operations during an active exploit or extreme market conditions
Token Recovery Function Drains Active Deposits
[Medium] RecoverERC20 or similar rescue functions can withdraw tokens that are actively used as deposits

