Know Your Protocol
Permission analysis and audit findings for DeFi protocols. Technical reference only — not financial advice.
Saturn Credit
Gate: ConditionalMUSD Savings Strategy (sMUSD)
Gate: ConditionalMUSD (Mezo USD)
Gate: ConditionalAltura Trade
Gate: FailAPYX
Gate: PassTry clearing one or more filters.
Recent notes
Security research, writeups, and short essays.
- Incident single-market · ≈4 LBTC (~4 BTC)updated
Inflating liquidityIndex with flashloan premiums: a ZeroLend post-mortem
A low-liquidity ZeroLend market backed by a post-maturity Pendle PT (PT Lombard LBTC 29MAY2025) was drained of ~4 LBTC. The attacker pumped liquidityIndex via flashloan premiums, accumulated ~10.9955 PT-LBTC via rounding-window arbitrage, then borrowed real LBTC against the drained collateral. A walkthrough of the on-chain facts and the accounting bugs that made it work.
lendingflashloanpost-mortem -
How to read a KYP dashboard
A short walkthrough of the dashboard's gate outcome, trust surfaces, and audit-tier badges — what to scan for in 30 seconds, and where to dig deeper.
metaguide -
PROCESSOR_ROLE design in credit-vault stablecoins
Trusted off-chain operators are the rule, not the exception, in credit-vault stablecoins. The interesting question is what bounds the role on-chain. A short comparison using Saturn Credit as a starting point.
stablecoinoperator-riskvault-design