The purpose of this repo is to provide code demonstrating and exploring different aspects of Toxic Liquidation Spirals. It is a WIP.
Toxic Liquidation Spirals can occur in DeFi projects which utilize loan-to-value ratio based account liquidations. The intent of liquidating an account is to improve the account's health by lowering the loan-to-value ratio, but, under certain conditions, the process of liquidation can actually make an account's health worse. This was first observed in AAVE v2 in 2022, and subsequently was used to hack a Compound v2 fork in 2023.
Currently this repo contains an unmodified Compound v2 fork setup to mimic the behavior of the 2023 0VIX attack. It's a WIP. The file test/ToxicLiquidationSpiral.t.sol contains the setup and can be run with:
forge test -vv --match TEST_NAME_TO_MATCH
This will automatically create a new .csv file if one does not exist. If you'd like to force the creation of a new .csv file, you can run test with an environment flag:
FORCE_NEW_DATA_FILE=true forge test -vv --match TEST_NAME_TO_MATCH
The .csv file will be populated with data from the test runs for futher analysis. This is especially useful for fuzzing tests, which will run the setup with 256 different scenarios.
The suite currently runs has three tests on the Compound fork:
- A short example demonstrating that the setup is working
- A hardcoded toxic liquidation spiral attack similar to the 0VIX attack, which will put data into an autogenerated .csv file
- An example of a fuzzing test which shows the effects of changing the liquidation incentive on the protocol on the total percentage of funds stolen, with each test run being a row in the .csv file
The testing suite is setup to allow more tests to be added and more will be added as I have the time to work on this.