Liquity
| Website | https://www.liquity.org |
| X (Twitter) | https://x.com/LiquityProtocol |
| GitHub | |
| Defillama | |
| Chain | Ethereum |
Declaration
This review has been submitted by CookingCryptos, sagaciousyves on 2024-10-23.
It was reviewed and published by the DeFi Collective team on 2024-10-23.
The review has not been updated since the initial submission.
This content is provided "as is" and "as available". Read more in our Terms.
Stage
Risks
Summary
Liquity is a decentralized borrowing protocol that allows you to draw interest-free loans against Ether used as collateral. Loans are paid out in LUSD (a USD pegged stablecoin) and need to maintain a minimum collateral ratio of 110%.
In addition to the collateral, the loans are secured by a Stability Pool containing LUSD and by fellow borrowers collectively acting as guarantors of last resort. Learn more about these mechanisms under Liquidation.
Ratings
Chain
The Liquity protocol is deployed on Ethereum mainnet.
Chain score: Low
Upgradeability
All permissions in the system have been renounced and the protocol is fully immutable. No upgrades or changes can be made to the protocol, its functions or parameters.
Upgradeability score: Low
Autonomy
Liquity relies on two external oracles, Chainlink (primary) and Tellor (fallback), but has a robust fallback mechanism in place, using the "last good price" if both oracles fail or become untrusted. This ensures the protocol can continue operating without interruption, minimizing the impact of oracle failure on its performance. Despite its reliance on external oracles, Liquity’s fallback systems mitigates the risk of disruptions.
Autonomy score: Low
Exit Window
Liquity’s contracts are fully immutable, no upgrades or changes can be made, removing the need for an exit window.
Exit Window score: Low
Accessibility
Multiple user interfaces exist and are operated by independent actors ensuring access to the protocol and user funds even if an interface is shutdown or censors a user's transactions.
A list of third-party frontends can be found here.
Accessibility score: Low
Conclusion
The Liquity V1 deployment on Ethereum Mainnet achieves Low centralization risk score for its Upgradeability, Autonomy, Exit Window and Accessibility dimensions. It thus ranks Stage 2.
Overall score: Stage 2
Reviewer notes
There were no particular discoveries made during the analysis of this protocol.
Protocol Analysis
Dependencies
The only external protocol dependency is an ETH/USD price feed (the Oracle) which is used to compute the value of users’ collateral when minting LUSD, redeeming LUSD or liquidating troves.
The system relies on two different oracles: Chainlink is the primary oracle and Tellor is the fallback oracle in case the chainlink price feed is frozen or untrusted. The Chainlink price feed is deployed at 0x3D7aE7E594f2f2091Ad8798313450130d0Aba3a0, the Tellor oracle is deployed at 0xAd430500ECDa11E38C9bCB08a702274b94641112.
If both Chainlink and Tellor are frozen or untrusted the last good price is used and the system keeps operating allowing users to withdraw their assets.
Chainlink itself achieves a High centralization risk score as discussed in a separate report here.
Governance
External Permission Owners and Security Council
The protocol is completely immutable, thus no Security Council is required 🎉
Exit Window
The protocol is completely immutable, thus no exit window is required 🎉
Contracts & Permissions
Contracts
All Permission Owners
All external permissions are revoked, the protocol is immutable 🎉
Permissions
| Contract | Function | Impact | Owner |
|---|---|---|---|
| ActivePool | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: troveManager, borrowerOperations, stabilityPoolAddress and defaultPoolAddress. | 0x0 |
| BorrowerOperations | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: activePool, collSurplusPool, lusdToken, troveManager, lqtyStaking, gasPoolAddress, lqtyStakingAddress, defaultPool, priceFeed, sortedTroves and stabilityPoolAddress. | 0x0 |
| TroveManager | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: defaultPool, priceFeed, collSurplusPool, lqtyStaking, borrowerOperationsAddress, activePool, gasPoolAddress, lqtyToken, lusdToken, sortedTroves and stabilityPool. | 0x0 |
| CollSurplusPool | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: activePoolAddress, borrowerOperationsAddress, troveManagerAddress. | 0x0 |
| CommunityIssuance | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: lqtyToken, stabilityPoolAddress. | 0x0 |
| DefaultPool | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: troveManagerAddress, activePoolAddress. | 0x0 |
| HintHelpers | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: troveManager, sortedTroves. | 0x0 |
| LockupContractFactory | setLQTYTokenAddress | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: lqtyTokenAddress. | 0x0 |
| LQTYStaking | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: lqtyToken, troveManagerAddress, borrowerOperationsAddress, activePoolAddress, lusdToken. | 0x0 |
| PriceFeed | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: priceAggregator, tellorCaller. | 0x0 |
| SortedTroves | setParams | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: troveManager, borrowerOperationsAddress. And it allows to set the max size for data. | 0x0 |
| StabilityPool | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: troveManager, borrowerOperations, activePool, lusdToken, sortedTroves, priceFeed and communityIssuance. | 0x0 |
| Unipool | setAddresses | The permissioned function allows the owner of the permission to set the following addresses in order to set relationships to co-dependent smart contracts of the Liquity system: lqtyToken and uniToken. | 0x0 |