A sophisticated Solidity-based bot that demonstrates the historical price manipulation vulnerability in Compound v2 during DeFi Summer 2020.
This project replicates the historical exploit where a liquidator gained an edge by manipulating the Open Price Feed in Compound v2. The bot demonstrates how stale but valid signed prices could be used to trigger liquidations before other market participants could react.
- Simulates price manipulation using stale-but-valid signed price data
- Executes `liquidateBorrow()` on undercollateralized accounts
- Built with Foundry for efficient testing and deployment
- Uses mainnet forking for realistic testing conditions
- Demonstrates the exact attack vector used on August 20, 2020
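The weakness described above is that a signed price can keep passing signature verification after it has stopped reflecting the market. The contract below is an added example of the consumer-side defense (it is not code from this repository or from Compound): it checks signer, ordering and age as three separate conditions. The names `FreshSignedPrice`, `reporter` and `maxAge`, and the signed message layout, are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not part of this repository: a price store that treats
/// "signature is valid" and "price is current" as two separate checks.
contract FreshSignedPrice {
    address public immutable reporter; // hypothetical trusted signer
    uint64 public immutable maxAge;    // hypothetical staleness bound, in seconds

    struct Datum { uint64 timestamp; uint64 value; }
    mapping(bytes32 => Datum) private latest; // keyed by keccak256(symbol)

    error BadSigner(address recovered);
    error NotNewer(uint64 stored, uint64 supplied);
    error FromFuture(uint64 supplied);
    error Stale(uint64 age);

    constructor(address reporter_, uint64 maxAge_) {
        reporter = reporter_;
        maxAge = maxAge_;
    }

    /// Accept a report only if it is signed by the reporter AND newer than
    /// what is stored AND not dated in the future.
    function put(string calldata symbol, uint64 timestamp, uint64 value,
                 uint8 v, bytes32 r, bytes32 s) external {
        // Assumed message layout for this example: (symbol, timestamp, value).
        bytes32 digest = keccak256(abi.encodePacked(
            "\x19Ethereum Signed Message:\n32",
            keccak256(abi.encode(symbol, timestamp, value))));
        address signer = ecrecover(digest, v, r, s);
        if (signer == address(0) || signer != reporter) revert BadSigner(signer);
        if (timestamp > block.timestamp) revert FromFuture(timestamp);
        bytes32 k = keccak256(bytes(symbol));
        if (timestamp <= latest[k].timestamp) revert NotNewer(latest[k].timestamp, timestamp);
        latest[k] = Datum(timestamp, value);
    }

    /// Consumers (e.g. a liquidation path) read through this, so a report
    /// that was fresh when posted still expires if nobody posts a newer one.
    function price(string calldata symbol) external view returns (uint64) {
        Datum memory d = latest[keccak256(bytes(symbol))];
        uint64 age = uint64(block.timestamp) - d.timestamp;
        if (d.timestamp == 0 || age > maxAge) revert Stale(age);
        return d.value;
    }
}
```

The age check sits on the read path rather than only on the write path, so a report that was current when posted cannot be acted on indefinitely.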
- Clone the repository:
git clone https://github.com/6ixty80/liquidation-bot.git
cd liquidation-bot
- Install dependencies:
forge install
- Build the project:
forge build
Run the test suite:
forge test
For verbose output:
forge test -vv
The bot can be configured through environment variables:
- `RPC_URL`: Your Ethereum node RPC URL
- `PRIVATE_KEY`: Your wallet's private key
- `GAS_PRICE`: Maximum gas price in wei
- `GAS_LIMIT`: Gas limit for transactions
This project is for educational purposes only. It demonstrates a historical vulnerability that has been patched in newer versions of Compound. Do not use this code for malicious purposes.
This project is licensed under the MIT License - see the LICENSE file for details.
Contributions are welcome! Please read our Contributing Guidelines for details on our code of conduct and the process for submitting pull requests.