Liquidation Incentive Auditor
When to Use
- •Auditing liquidation mechanisms, collateral management, position management
- •User mentions: liquidation, incentive, reward, bonus, bad debt, partial liquidation, whale positions, insurance fund, socialization
- •Analyzing liquidation profitability, bad debt handling, position sizing
- •Reviewing collateral withdrawal restrictions, liquidation economics
Audit Workflow
IMPORTANT: Announce skill usage at the start of analysis
Begin with: "I'm using the audit-liquidation skill to analyze this contract for liquidation incentive and bad debt handling vulnerabilities..."
- •Scan for liquidation operations
  - •Search: liquidate, liquidationBonus, liquidationReward, badDebt, insuranceFund, partialLiquidation, minPositionSize
  - •Focus: liquidation rewards, position minimums, collateral withdrawals, bad debt handling
- •Check against vulnerability patterns
  - •Reference reference.md for complete checklist
  - •Compare code against example.md
- •Validate exploitability
  - •Check access control first - grep for onlyOwner|onlyAdmin|onlyGovernance modifiers
  - •Can non-privileged actors exploit liquidation incentive issues?
  - •Is liquidation profitable for trustless actors?
  - •Can small positions accumulate as bad debt?
  - •Can users withdraw collateral while maintaining underwater positions?
  - •Is bad debt handled properly?
  - •Verify no compensating protections exist
  - •Downgrade severity if admin-only unless systemic bad debt risk
- •Generate report
  - •Use deliverable template below
  - •Include economic analysis and PoC
  - •Rank by severity
Core Vulnerability Patterns
See reference.md for full checklist. Key patterns:
- •No liquidation incentive → trustless liquidation unprofitable, positions remain underwater
- •No incentive for small positions → dust positions accumulate, protocol insolvent
- •Collateral withdrawal with positive PNL → removes liquidation incentive, positions unliquidatable
- •No bad debt mechanism → insolvent positions have no recovery path
- •Partial liquidation bypasses bad debt → liquidators extract value, protocol absorbs loss
- •No partial liquidation → whale positions exceed liquidator capacity, remain underwater
Code examples: See example.md
Severity Criteria
Critical: No liquidation incentive causing systemic bad debt accumulation, collateral withdrawal eliminating liquidation possibility, MUST be exploitable by non-privileged actors
High: Missing bad debt handling mechanism, partial liquidation bypassing bad debt accounting, insufficient incentives for small positions, MUST be exploitable by non-privileged actors
Medium: Suboptimal liquidation rewards reducing liquidation speed, missing partial liquidation for large positions, admin-only liquidation configuration issues with cascading bad debt risk
Low: Inefficient reward structures without security impact, admin-only parameter issues without immediate bad debt impact
IMPORTANT: Admin-only liquidation functions (onlyOwner, onlyAdmin, onlyGovernance) are MEDIUM or LOW severity unless:
- •Invalid reward parameters cause systemic liquidation failure and protocol insolvency
- •Missing validation enables admin to manipulate liquidation incentives for personal gain
- •Configuration errors directly lead to bad debt accumulation affecting all users
False Positives - Do NOT Flag
- •Protocols with trusted liquidators (not trustless)
- •Minimum position sizes with explicit documentation
- •Protocols with overcollateralization requirements preventing withdrawals
- •Bad debt handling via documented manual admin intervention
- •Fixed liquidation rewards with analysis showing profitability
- •Admin-only liquidation reward setters (onlyOwner, onlyAdmin) in protocols with trusted admin and documented governance
- •Governance-controlled incentive parameters with timelock and analysis showing profitability
- •Admin functions for insurance fund management where bad debt socialization is documented
Deliverable Format
MANDATORY: Before deliverable, verify each checklist.md item against codebase. Flag violations as findings.
Use template: templates/report-template.md
Each finding includes: severity, pattern #, file/lines, description, vulnerable code, economic impact analysis, PoC showing unprofitable liquidation or bad debt accumulation, remediation, gas impact.
Key Principles
- •Profitability - liquidation must be profitable vs gas costs for trustless actors
- •Minimum viability - enforce minimums to ensure liquidation profitability
- •Collateral lock - prevent withdrawals that eliminate liquidation incentive
- •Bad debt handling - insurance fund or socialization for insolvent positions
- •Scalability - partial liquidation for positions exceeding liquidator capacity
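The profitability, minimum-viability and bad-debt principles above, as an added worked example (not taken from this skill's reference.md or example.md). It assumes a simplified model in which the liquidator repays debt and seizes collateral worth the repaid amount plus a bonus; the function names, the 5% bonus, the $4 gas cost and the sample positions are constructed for illustration.

```python
BPS = 10_000  # basis-point denominator

def liquidator_profit(repay, collateral, bonus_bps, gas_cost):
    """Seized collateral (capped at what exists) minus repaid debt minus gas."""
    seized = min(repay * (BPS + bonus_bps) // BPS, collateral)
    return seized - repay - gas_cost

def min_profitable_repay(bonus_bps, gas_cost):
    """Smallest repay amount whose bonus strictly exceeds gas; None if no bonus."""
    if bonus_bps <= 0:
        return None  # no incentive: never profitable for a trustless actor
    return -(-(gas_cost + 1) * BPS // bonus_bps)  # ceiling division

def residual_bad_debt(collateral, debt, bonus_bps):
    """Debt left uncovered once liquidators have taken the collateral (rounding aside)."""
    repay_for_all_collateral = collateral * BPS // (BPS + bonus_bps)
    return max(0, debt - repay_for_all_collateral)

def triage(positions, bonus_bps, gas_cost):
    """Label each (collateral, debt) pair, assumed already liquidatable."""
    floor = min_profitable_repay(bonus_bps, gas_cost)
    report = []
    for collateral, debt in positions:
        # A rational liquidator repays no more than the collateral can reward.
        repay = min(debt, collateral * BPS // (BPS + bonus_bps))
        if floor is None or liquidator_profit(repay, collateral, bonus_bps, gas_cost) <= 0:
            label = "unprofitable: stays underwater"
        elif residual_bad_debt(collateral, debt, bonus_bps) > 0:
            label = "liquidated, leaves bad debt"
        else:
            label = "liquidated cleanly"
        report.append((collateral, debt, label))
    return report

# Constructed sample: values in USD with 6 decimals, 5% bonus, $4 gas per call.
USD = 1_000_000
SAMPLE = [(60 * USD, 50 * USD),        # dust position: bonus cannot cover gas
          (1_200 * USD, 1_000 * USD),  # large enough, collateral covers debt + bonus
          (100 * USD, 120 * USD)]      # insolvent: collateral < debt

if __name__ == "__main__":
    print("min profitable repay:", min_profitable_repay(500, 4 * USD))
    for row in triage(SAMPLE, 500, 4 * USD):
        print(row)
```

The third sample position is the case a report should quantify: the liquidator still profits, yet the remaining debt has no collateral behind it and needs an insurance fund or socialization path.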
Output Guidelines
DO:
- •Reference specific lines and functions
- •Provide economic analysis (gas costs vs rewards)
- •Show PoCs demonstrating unprofitable liquidations
- •Quantify bad debt accumulation potential
- •Calculate minimum profitable position sizes
DON'T:
- •Report intentional trusted liquidator designs
- •Flag missing features with alternative mechanisms in place
- •Use vague terms ("might be unprofitable")
- •Ignore gas cost context and liquidation economics