Compound V2 Security Audit

A comprehensive security audit framework for Compound V2 protocol analysis, designed for educational and defensive security research. Test flash loan attacks, reentrancy vulnerabilities, oracle manipulation, and recreate historical DeFi bugs.

Overview

This skill provides a complete testing environment for identifying and analyzing DeFi vulnerabilities in the Compound V2 protocol. It includes attack vector simulations, historical bug recreations, and security audit infrastructure.

Prerequisites

Foundry installed (`curl -L https://foundry.paradigm.xyz | bash && foundryup`)

Mainnet RPC URL (Alchemy, Infura, or similar)

Git for version control

Basic understanding of Solidity and DeFi concepts

Setup Instructions

1. Initialize Environment

First, clone or navigate to the repository and run the setup script:

```bash

./scripts/setup-env.sh

```

If the setup script is not available, manually configure:

```bash

cp .env.example .env

Edit .env with your credentials:

- ETH_RPC_URL: Your mainnet RPC endpoint

- PRIVATE_KEY: Test private key (use Anvil default for testing)

- ETHERSCAN_API_KEY: Optional, for contract verification

source .env

```

2. Install Dependencies

```bash

forge install

forge build

```

3. Verify RPC Connection

```bash

cast block latest --rpc-url $ETH_RPC_URL

```

Core Architecture

Contract Inheritance Pattern

All audit tests inherit from multiple base contracts:

```solidity

contract MyAuditTest is Test, AuditBase, CompoundHelpers, OracleManipulator {

// Provides: Foundry Test + audit utilities + Compound helpers + oracle manipulation

}

```

Pre-configured Constants

`AuditBase.sol` provides mainnet addresses:

**Tokens**: USDC, WETH, DAI, USDT, COMP_TOKEN

**Compound V2**: COMPTROLLER, CUSDC, CDAI, CETH, CUSDT, PRICE_ORACLE

**Test Accounts**: ADMIN, USER1, USER2, LIQUIDATOR, ATTACKER, WHALE

Test Structure

```

test/

├── exploits/

│ ├── FlashLoanAttacks.t.sol # Flash loan attack simulations

│ ├── ReentrancyTests.t.sol # Reentrancy vulnerability tests

│ └── CompoundHistoricalBugs.t.sol # Historical bug recreations

├── unit/ # Unit tests

└── integration/ # Integration tests

```

Running Security Tests

All Tests

```bash

forge test --fork-url $ETH_RPC_URL

```

Flash Loan Attack Tests

```bash

Run all flash loan tests

forge test --match-contract FlashLoanAttacksTest --fork-url $ETH_RPC_URL -vv

Run specific flash loan test

forge test --match-test test_FlashLoanPriceManipulation --fork-url $ETH_RPC_URL -vvv

```

Reentrancy Vulnerability Tests

```bash

Run all reentrancy tests (currently working)

forge test --match-contract ReentrancyTestsTest --fork-url $ETH_RPC_URL -vv

Run specific reentrancy test

forge test --match-test test_SupplyReentrancy --fork-url $ETH_RPC_URL -vvv

```

Historical Bug Analysis

```bash

Run Compound historical bug tests ($80M bug, etc.)

forge test --match-contract CompoundHistoricalBugsTest --fork-url $ETH_RPC_URL -vv

```

Individual Test Files

```bash

forge test --match-path test/exploits/FlashLoanAttacks.t.sol --fork-url $ETH_RPC_URL -vv

forge test --match-path test/exploits/ReentrancyTests.t.sol --fork-url $ETH_RPC_URL -vv

```

Advanced Testing

Maximum Verbosity (Debug Mode)

```bash

forge test --fork-url $ETH_RPC_URL -vvvv

```

Gas Analysis

```bash

forge test --gas-report --fork-url $ETH_RPC_URL

```

Coverage Analysis

```bash

forge coverage --fork-url $ETH_RPC_URL --report lcov

```

Build Size Analysis

```bash

forge build --sizes

```

Different Testing Profiles

```bash

CI profile (more fuzz runs)

forge test --profile ci

Intensive testing profile

forge test --profile intense

```

Test Categories

1. Flash Loan Attacks (`FlashLoanAttacks.t.sol`)

Educational focus: Understanding how flash loans can be weaponized in DeFi attacks.

Price manipulation + liquidation attacks

Arbitrage exploitation

Liquidation threshold manipulation

Cross-protocol flash loan strategies

2. Reentrancy Tests (`ReentrancyTests.t.sol`)

Educational focus: Identifying reentrancy vulnerabilities in DeFi protocols.

Supply/redeem reentrancy via malicious tokens

Borrow/repay callback exploitation

Liquidation callback attacks

Cross-function reentrancy patterns

3. Historical Bugs (`CompoundHistoricalBugs.t.sol`)

Educational focus: Learning from real-world DeFi security incidents.

The $80M Compound liquidation bug (Proposal 062)

Interest rate model manipulation

Oracle staleness exploitation

Liquidation incentive calculation errors

4. Oracle Manipulation (`OracleManipulator.sol`)

Educational focus: Understanding price feed vulnerabilities.

Flash loan + DEX price manipulation

Sandwich attacks around large trades

Oracle delay exploitation

Cross-market arbitrage attacks

Writing Custom Audit Tests

Test Structure Pattern

```solidity

contract MyAuditTest is Test, AuditBase, CompoundHelpers {

function setUp() public {

setUpAudit(); // Initialize fork and test accounts

// Custom setup...

}

function test_MyVulnerability() public withLogging("Test", "Action") {

// Test implementation with automatic logging

}

```

Attack Simulation Pattern

```solidity

// 1. Setup victim position

setupVictimPosition();

// 2. Record initial state

uint256 initialBalance = token.balanceOf(attacker);

// 3. Execute attack

vm.startPrank(ATTACKER);

// ... attack logic ...

vm.stopPrank();

// 4. Analyze results and log vulnerability if found

if (profit > 0) {

logVulnerability("Attack Name", target, severity, "Description");

}

```

Helper Usage

```solidity

// Compound interactions

supplyToCompound(user, ICToken(CUSDC), amount);

borrowFromCompound(user, ICToken(CDAI), borrowAmount);

liquidatePosition(liquidator, borrower, cTokenBorrowed, repayAmount, cTokenCollateral);

// Price manipulation

simulateFlashLoanPriceManipulation(targetToken, flashAmount, isPump);

```

Troubleshooting

Known Issues

**"Contract does not exist" errors during setUp:**

Some tests (ReentrancyTests) work properly

Others (FlashLoanAttacks) may fail during fork setup

Issue typically occurs in `dealToken()` or `deal()` calls

Run individual test contracts to isolate the problem

**Working tests:**

```bash

forge test --match-contract ReentrancyTestsTest --fork-url $ETH_RPC_URL

```

Common Solutions

**RPC Rate Limiting:**

```bash

forge test --slow --fork-url $ETH_RPC_URL

```

**Fork Block Issues:**

Current fork block: 19,000,000 (configured in foundry.toml)

Update `fork_block_number` if protocol changes affect tests

**Gas Estimation Failures:**

Increase `gas_limit` in foundry.toml (currently 30M)

Use `vm.fee()` and `vm.coinbase()` for gas price control

**Memory Issues:**

Run test categories separately

Use `--no-match-test` to exclude heavy tests during development

Debug Commands

```bash

Debug specific test

forge test --match-test test_FlashLoanAttack -vvvv --fork-url $ETH_RPC_URL

Test individual contracts to isolate issues

forge test --match-contract ReentrancyTestsTest --fork-url $ETH_RPC_URL -v

Verify RPC connection

cast block latest --rpc-url $ETH_RPC_URL

```

Configuration

Critical Environment Variables

`ETH_RPC_URL` - Mainnet RPC endpoint (required)

`PRIVATE_KEY` - Private key for deployments (TEST KEY ONLY)

`ETHERSCAN_API_KEY` - For contract verification (optional)

`POLYGON_RPC_URL` - Polygon RPC for multi-chain testing (optional)

`ARBITRUM_RPC_URL` - Arbitrum RPC for multi-chain testing (optional)

Fork Configuration

**Fork Block**: 19,000,000 (stable Compound V2 deployment)

**Gas Limit**: 30M gas (for complex attack simulations)

**Chain**: Ethereum mainnet

Security and Ethics

Important Disclaimers

This framework is for **defensive security research and education only**:

✅ Identifying vulnerabilities to build better defenses

✅ Educational purposes and security training

✅ Testnet and mainnet fork testing only

❌ Never use attack patterns for malicious purposes

❌ Never run on live mainnet without authorization

❌ Never target protocols without permission

Built-in Safety Features

1. **Mainnet Protection**: Tests include chain ID validation

2. **Private Key Safety**: Git hooks prevent committing real keys

3. **RPC Rate Limiting**: Configured to avoid API abuse

4. **Gas Monitoring**: Alerts for unusual consumption patterns

Educational Value

This project serves as a learning resource for:

**Security Auditors**: Understanding real-world attack patterns

**DeFi Developers**: Identifying common vulnerability classes

**Researchers**: Analyzing historical DeFi incidents

**Students**: Hands-on blockchain security education

The goal is to build better, more secure DeFi protocols by understanding how attacks work and developing robust defenses.

Additional Resources

Project Structure

`src/AuditBase.sol` - Base contract with logging and test utilities

`src/CompoundHelpers.sol` - Compound V2 interaction helpers

`src/OracleManipulator.sol` - Price oracle manipulation utilities

`audit-reports/` - Generated audit reports and findings

`scripts/` - Deployment and utility scripts

Generated Reports

Gas usage analysis: `./gas-analysis.txt`

Coverage reports: `./coverage/`

Audit findings: Logged via events and console output

Example Usage

```bash

1. Setup environment

./scripts/setup-env.sh

2. Build contracts

forge build

3. Run all tests

forge test --fork-url $ETH_RPC_URL

4. Run specific vulnerability test

forge test --match-test test_SupplyReentrancy --fork-url $ETH_RPC_URL -vvv

5. Generate gas report

forge test --gas-report --fork-url $ETH_RPC_URL

6. Generate coverage report

forge coverage --fork-url $ETH_RPC_URL --report lcov

```

---

**Disclaimer**: This audit framework is for educational and defensive purposes only. Always conduct security research ethically and responsibly. Never use these techniques for malicious activities.

Compound V2 Security Audit

Compound V2 Security Audit

Overview

Prerequisites

Setup Instructions

1. Initialize Environment

Edit .env with your credentials:

- ETH_RPC_URL: Your mainnet RPC endpoint

- PRIVATE_KEY: Test private key (use Anvil default for testing)

- ETHERSCAN_API_KEY: Optional, for contract verification

2. Install Dependencies

3. Verify RPC Connection

Core Architecture

Contract Inheritance Pattern

Pre-configured Constants

Test Structure

Running Security Tests

All Tests

Flash Loan Attack Tests

Run all flash loan tests

Run specific flash loan test

Reentrancy Vulnerability Tests

Run all reentrancy tests (currently working)

Run specific reentrancy test

Historical Bug Analysis

Run Compound historical bug tests ($80M bug, etc.)

Individual Test Files

Advanced Testing

Maximum Verbosity (Debug Mode)

Gas Analysis

Coverage Analysis

Build Size Analysis

Different Testing Profiles

CI profile (more fuzz runs)

Intensive testing profile

Test Categories

1. Flash Loan Attacks (`FlashLoanAttacks.t.sol`)

2. Reentrancy Tests (`ReentrancyTests.t.sol`)

3. Historical Bugs (`CompoundHistoricalBugs.t.sol`)

4. Oracle Manipulation (`OracleManipulator.sol`)

Writing Custom Audit Tests

Test Structure Pattern

Attack Simulation Pattern

Helper Usage

Troubleshooting

Known Issues

Common Solutions

Debug Commands

Debug specific test

Test individual contracts to isolate issues

Verify RPC connection

Configuration

Critical Environment Variables

Fork Configuration

Security and Ethics

Important Disclaimers

Built-in Safety Features

Educational Value

Additional Resources

Project Structure

Generated Reports

Example Usage

1. Setup environment

2. Build contracts

3. Run all tests

4. Run specific vulnerability test

5. Generate gas report

6. Generate coverage report

Reviews (0)