Unfair Liquidation Auditor
When to Use
- •Auditing liquidation fairness, L2 deployments, pause mechanisms
- •User mentions: L2 sequencer, grace period, pause, interest accumulation, LTV gap, auction, slippage protection, collateral priority
- •Analyzing liquidation timing, state synchronization, user protections
- •Reviewing pause/unpause logic, sequencer checks, health score calculations
Audit Workflow
IMPORTANT: Announce skill usage at the start of analysis
Begin with: "I'm using the audit-unfair-liquidation skill to analyze this contract for unfair liquidation vulnerabilities..."
- •Scan for liquidation fairness issues
  - •Search: sequencer, paused, accrue, LTV, auction, healthFactor, slippage, collateralPriority, borrower
  - •Focus: sequencer checks, pause states, interest accrual, health calculations, auction mechanics
- •Check against vulnerability patterns
  - •Reference reference.md for complete checklist
  - •Compare code against example.md
- •Validate exploitability
  - •Check access control first - grep for onlyOwner|onlyAdmin|onlyGovernance modifiers
  - •Can non-privileged actors exploit unfair liquidation mechanisms?
  - •Can users be liquidated during sequencer downtime without grace period?
  - •Does interest accumulate while repayments paused?
  - •Can liquidators cherry-pick stable collateral?
  - •Is there an LTV gap between borrow and liquidation?
  - •Verify no compensating protections exist
  - •Downgrade severity if admin-only unless direct borrower harm
- •Generate report
  - •Use deliverable template below
  - •Include timing analysis and PoC
  - •Rank by severity
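A first-pass triage script for the scan and access-control steps above, added here as an illustration (it is not part of the skill's own files). It runs over a constructed Solidity fragment and assumes pausing is expressed as a whenNotPaused modifier or a paused check in the body; what it returns are candidates for manual review, not findings.

```python
import re

# Constructed Solidity fragment for illustration; not taken from any real protocol.
SAMPLE = """
contract LendingPool {
    function repay(uint256 amount) external whenNotPaused { _repay(msg.sender, amount); }
    function liquidate(address borrower) external { _liquidate(borrower); }
    function forceLiquidate(address borrower) external onlyOwner { _liquidate(borrower); }
    function setGracePeriod(uint256 secs) external onlyOwner { gracePeriod = secs; }
}
"""

HEADER = re.compile(r"function\s+(\w+)\s*\([^)]*\)([^{;]*)\{")
ADMIN = re.compile(r"\b(onlyOwner|onlyAdmin|onlyGovernance)\b")  # modifiers named in the workflow

def functions(source):
    """Map function name -> (modifier text, body text) using brace matching."""
    found = {}
    for m in HEADER.finditer(source):
        depth, i = 1, m.end()
        while depth and i < len(source):
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        found[m.group(1)] = (m.group(2), source[m.end():i - 1])
    return found

def pause_guarded(mods, body):
    # Assumption: pausing shows up as a whenNotPaused modifier or a `paused` check in the body.
    return "whenNotPaused" in mods or re.search(r"\bpaused\b", body) is not None

def triage(source):
    """Return sorted (pattern, function) candidates; each one still needs manual review."""
    funcs = functions(source)
    repay_pausable = any(pause_guarded(*v) for k, v in funcs.items() if "repay" in k.lower())
    out = []
    for name, (mods, body) in funcs.items():
        if "liquidat" not in name.lower():
            continue
        if ADMIN.search(mods):
            out.append(("admin-only (downgrade)", name))
            continue
        if repay_pausable and not pause_guarded(mods, body):
            out.append(("repay paused, liquidation active", name))
        if "sequencer" not in body.lower():  # not a finding on L1-only deployments
            out.append(("no sequencer check in body", name))
    return sorted(out)

if __name__ == "__main__":
    for pattern, name in triage(SAMPLE):
        print(f"{name}: {pattern}")
```

A check placed in an internal helper that the liquidation function calls will not be seen by this pass, so follow the call before ruling a candidate in or out.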
Core Vulnerability Patterns
See reference.md for full checklist. Key patterns:
- •Missing L2 sequencer grace period → users liquidated immediately when sequencer restarts
- •Interest accumulates while paused → users liquidated for interest accrued during downtime
- •Repayment paused, liquidation active → users prevented from avoiding liquidation
- •Late interest/fee updates → isLiquidatable uses stale values
- •Lost positive PNL/yield → profitable positions lose gains during liquidation
- •Unhealthier post-liquidation → liquidator cherry-picks stable collateral
- •Corrupted collateral priority → liquidation order doesn't match risk
- •Borrower replacement misattribution → original borrower repays new owner's debt
- •No LTV gap → users liquidatable immediately after borrowing
- •Interest during auction → borrowers accrue interest while being auctioned
- •No liquidation slippage protection → liquidators can't specify minimum rewards
Code examples: See example.md
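A timing model for the pause-related patterns above (interest accumulates while paused, repayment paused with liquidation active, missing grace period), added here as an illustration and not taken from example.md. It assumes a fixed collateral price, continuously compounded interest and a health factor of collateral × liquidation threshold / debt; the position values are constructed.

```python
import math
from dataclasses import dataclass

DAY, YEAR = 86_400, 365 * 86_400

@dataclass
class Policy:
    accrue_while_paused: bool     # interest keeps compounding during the pause
    liquidate_while_paused: bool  # liquidation stays callable while repayment is paused
    grace: int = 0                # seconds after unpause before liquidation is allowed

def crossing_time(collateral, debt, liq_threshold, apr, pause, policy):
    """Seconds until health factor collateral*liq_threshold/debt falls below 1 (price fixed)."""
    if debt >= collateral * liq_threshold:
        return 0.0  # no LTV gap left: liquidatable immediately
    need = math.log(collateral * liq_threshold / debt) * YEAR / apr  # accrual time required
    start, end = pause
    if policy.accrue_while_paused or need <= start:
        return need
    return need + (end - start)  # accrual was frozen for the length of the pause

def assess(collateral, debt, liq_threshold, apr, pause, policy):
    """Return (liquidation time, seconds the borrower could repay after the pause, unfair?)."""
    start, end = pause
    cross = crossing_time(collateral, debt, liq_threshold, apr, pause, policy)
    when = cross
    blocked_in_pause = start <= cross < end and not policy.liquidate_while_paused
    if blocked_in_pause or end <= cross < end + policy.grace:
        when = end + policy.grace
    window = max(0, when - end)
    # Unfair: healthy when repayment was disabled, liquidated before it could be used again.
    return when, window, cross >= start and window == 0

# Constructed position: 10,000 collateral, 8,400 debt, 85% threshold, 10% APR, pause on days 10-70.
POSITION = dict(collateral=10_000, debt=8_400, liq_threshold=0.85, apr=0.10,
                pause=(10 * DAY, 70 * DAY))

def scenarios():
    policies = {
        "liquidation active during pause": Policy(True, True),
        "interest accrues, no grace": Policy(True, False),
        "interest accrues, 1-day grace": Policy(True, False, DAY),
        "interest frozen during pause": Policy(False, False),
    }
    return {name: assess(policy=p, **POSITION) for name, p in policies.items()}
```

The first two policies liquidate a borrower who was healthy when repayment was disabled and never had a repay window; the grace period and the frozen-interest policy both restore one.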
Severity Criteria
Critical: Missing sequencer grace period on L2, repayment paused while liquidation active, immediate liquidation after borrow (no LTV gap), MUST be exploitable by non-privileged actors
High: Interest accumulation during pause, late fee updates, cherry-picking collateral leaving unhealthier state, MUST be exploitable by non-privileged actors
Medium: Lost PNL/yield during liquidation, interest accrual during auctions, no liquidator slippage protection, admin-only liquidation timing configuration issues with cascading borrower impact
Low: Suboptimal collateral priority without security impact, admin-only parameter issues without immediate borrower impact
IMPORTANT: Admin-only liquidation timing functions (onlyOwner, onlyAdmin, onlyGovernance) are MEDIUM or LOW severity unless:
- •Admin can trigger liquidations during sequencer downtime without grace period
- •Pause mechanism controlled by admin creates asymmetry (repayment paused, liquidation active)
- •LTV configuration by admin allows immediate liquidation after borrowing
False Positives - Do NOT Flag
- •L1-only deployments (no sequencer concerns)
- •Protocols with explicit admin-only liquidation during pause
- •Systems where pause simultaneously halts interest and liquidation
- •Documented grace periods after unpause events
- •Single-collateral systems (no cherry-picking possible)
- •Admin-only pause functions (onlyOwner, onlyAdmin) where pause halts both repayment and liquidation symmetrically
- •Governance-controlled LTV parameters with documented gap between borrow and liquidation thresholds
- •Admin functions for grace period configuration with reasonable defaults
Deliverable Format
MANDATORY: Before deliverable, verify each checklist.md item against codebase. Flag violations as findings.
Use template: templates/report-template.md
Each finding includes: severity, pattern #, file/lines, description, vulnerable code, timing/fairness analysis, PoC, remediation.
Key Principles
- •Fairness - users must have opportunity to avoid liquidation
- •Synchronization - pause states must be consistent (repay ↔ liquidate)
- •Grace periods - time for users to respond after downtime
- •Health improvement - liquidation must improve borrower health
- •Predictability - liquidators need slippage protection
Output Guidelines
DO:
- •Reference specific lines and functions
- •Provide timing analysis (sequencer downtime windows)
- •Show PoCs demonstrating unfair liquidation scenarios
- •Analyze pause state interactions
- •Calculate LTV gaps and health score changes
DON'T:
- •Report intentional pause-based liquidation designs
- •Flag missing features with alternative mechanisms
- •Use vague terms ("might be unfair")
- •Ignore documented grace period configurations