lending-protocol-analysis
npx machina-cli add skill mnedelchev-vn/solidity-defi-claude-skills/lending-protocol-analysis --openclaw
Rounding issues and exploits analysis
Detecting vulnerabilities that allow attackers to harm lending protocols. Such exploits include stealing the protocol's funds, locking funds, and abusing interest or withdrawal fees.
When to Use
- ???
When NOT to Use
- Contracts with no lending logic
- Contracts with no yield bearing logic
Examples of issues and exploits with lending protocols
Case 1:
Advanced cases:
Liquidations: See liquidations.md for the complete guide
Additional Analysis
Beyond the patterns above, apply your full security knowledge to identify any related issues not covered here.
Source
git clone https://github.com/mnedelchev-vn/solidity-defi-claude-skills/blob/master/skills/lending-protocol-analysis/SKILL.md
Overview
This skill acts as a focused checklist to identify issues or exploits in Solidity lending or yield-bearing contracts. It helps validate the correct flow of lending and borrowing activities, covering collateral deposits/withdrawals, loans and repayments, flashloans, liquidations, and yield harvesting.
How This Skill Works
Security analysts apply a structured checklist to lending protocols to surface rounding issues and exploit vectors. The checklist covers DeFi lending patterns, liquidity events, and liquidation mechanics, and it references resources such as advanced liquidation guides to validate edge cases and flow integrity.
When to Use It
- Auditing a contract that handles deposit and withdrawal of collateral (lending)
- Verifying borrow, repay, and liquidation flow correctness in a loan platform
- Reviewing flashloan interactions for proper repayment and safety checks
- Assessing liquidation triggers and pathways for potential bypasses
- Evaluating yield harvesting logic for correctness and fee handling
Quick Start
- Step 1: Identify all lending-related functions (deposit/withdraw collateral, borrow/repay, flashloans, liquidations, yield harvesting)
- Step 2: Apply the lending-protocol-analysis checklist to these flows and note any rounding or flow inconsistencies
- Step 3: Document issues with actionable fixes and reference any relevant liquidation or DeFi patterns guides
Best Practices
- Prioritize arithmetic safety by scrutinizing rounding behavior in interest, collateral, and payout calculations
- Map every step of the user flow: deposit, borrow, repay, withdraw, liquidate, and harvest to catch missing checks
- Validate access control, pause mechanisms, and admin privileges to prevent governance-related exploits
- Inspect external calls and reentrancy risks in yield strategies and liquidation routines
- Create targeted test cases for edge cases: zero deposits, extreme interest rates, and rapid price shifts
Example Use Cases
- Rounding error in interest calculation causing a lender's position to drift undercollateralized over time
- A flashloan path that fails to repay or settle properly, draining liquidity unexpectedly
- Liquidation logic that permits exploiters to bypass collateral checks and seize underpriced assets
- Yield harvesting logic that misallocates rewards or charges excessive fees due to rounding
- Deposits or withdrawals that can lock funds or create stale, inaccessible balances due to flow gaps