Live · 2 protocols indexed

Know Your Protocol

Permission analysis and audit findings for DeFi protocols. Technical reference only — not financial advice.

Protocols Indexed

2

Chains Covered

1

Gate: Fail

1

Latest Audit

3w ago

Recent notes

Security research, writeups, and short essays.

Incident single-market · ≈4 LBTC (~4 BTC)

2026-05-08 · upd

Inflating liquidityIndex with flashloan premiums: a ZeroLend post-mortem

A low-liquidity ZeroLend market backed by a post-maturity Pendle PT (PT Lombard LBTC 29MAY2025) was drained of ~4 LBTC. The attacker pumped liquidityIndex via flashloan premiums, accumulated ~10.9955 PT-LBTC via rounding-window arbitrage, then borrowed real LBTC against the drained collateral. A walkthrough of the on-chain facts and the accounting bugs that made it work.

lendingflashloanpost-mortem
2026-05-08

How to read a KYP dashboard

A short walkthrough of the dashboard's gate outcome, trust surfaces, and audit-tier badges — what to scan for in 30 seconds, and where to dig deeper.

metaguide
2026-05-02

PROCESSOR_ROLE design in credit-vault stablecoins

Trusted off-chain operators are the rule, not the exception, in credit-vault stablecoins. The interesting question is what bounds the role on-chain. A short comparison using Saturn Credit as a starting point.

stablecoinoperator-riskvault-design