Liquidium

Security

Protocol security guarantees - atomicity, authentication, and reliability

Security Principles

Liquidium implements multiple layers of security:

1. Cryptographic Security

  • Native-chain signature verification (BIP322 for Bitcoin, EIP-191 for Ethereum, Ed25519 for Solana)
  • Nonce-based replay protection
  • Threshold signing for outbound transactions: threshold ECDSA for Bitcoin and Ethereum, threshold EdDSA for Solana, so no single party ever holds a complete signing key

2. State Consistency

  • Two-phase execution model
  • Write-ahead logging for async operations
  • Idempotent handlers prevent double-execution

3. Economic Security

  • Overcollateralization requirements
  • Liquidation incentives maintain solvency
  • Supply/borrow caps limit exposure

4. Access Control

  • Caller validation for inter-canister calls
  • Admin-only configuration methods requiring authorized principals
  • Profile ownership verification
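The nonce check behind "nonce-based replay protection" is the part of the request path that is easy to get subtly wrong, so here is an added example of it (not Liquidium's own code). It assumes a per-account strictly sequential nonce, a `challenge` message format that binds canister id, action and nonce into the bytes the wallet signs, and that the native-chain signature (BIP322 / EIP-191 / Ed25519) has already been verified before `consume` runs; the type and function names are this example's, not the project's.

```rust
use std::collections::HashMap;

/// Chain-scoped account as the lending canister sees it after native-chain
/// signature verification. Verification itself is out of scope here; this
/// example covers only the nonce check that must run after it.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct Account {
    pub chain: &'static str, // "bitcoin", "ethereum" or "solana"
    pub address: String,
}

#[derive(Debug, PartialEq)]
pub enum NonceError {
    /// Nonce already consumed (or older than the last accepted one): a replay.
    Replay { expected: u64, got: u64 },
    /// Nonce skips ahead: out-of-order or forged request.
    OutOfOrder { expected: u64, got: u64 },
}

/// Per-account next expected nonce. (Assumed design for this example; a real
/// canister would keep this map in stable memory so it survives upgrades.)
#[derive(Default)]
pub struct NonceRegistry {
    next: HashMap<Account, u64>,
}

impl NonceRegistry {
    /// Nonce the client must place in its next signed message.
    pub fn expected(&self, account: &Account) -> u64 {
        *self.next.get(account).unwrap_or(&0)
    }

    /// Accept a request only if it carries exactly the expected nonce, then
    /// advance. Call this after signature verification and before any
    /// `await`, so the check and the increment commit together.
    pub fn consume(&mut self, account: &Account, nonce: u64) -> Result<(), NonceError> {
        let expected = self.expected(account);
        if nonce < expected {
            return Err(NonceError::Replay { expected, got: nonce });
        }
        if nonce > expected {
            return Err(NonceError::OutOfOrder { expected, got: nonce });
        }
        self.next.insert(account.clone(), expected + 1);
        Ok(())
    }
}

/// Domain-separated challenge the wallet signs. Binding canister id, action
/// and nonce into the signed bytes is what stops a signature captured for one
/// request from being replayed for another. (Format is an assumption for this
/// example, not Liquidium's wire format.)
pub fn challenge(canister_id: &str, account: &Account, action: &str, nonce: u64) -> String {
    format!("liquidium:{canister_id}:{}:{}:{action}:{nonce}", account.chain, account.address)
}

fn main() {
    let mut reg = NonceRegistry::default();
    let alice = Account { chain: "ethereum", address: "0xabc".into() };
    let msg = challenge("lending-canister", &alice, "borrow", reg.expected(&alice));
    println!("client signs: {msg}");
    assert_eq!(reg.consume(&alice, 0), Ok(()));
    // The same signed message presented again is rejected as a replay.
    assert_eq!(reg.consume(&alice, 0), Err(NonceError::Replay { expected: 1, got: 0 }));
    assert_eq!(reg.consume(&alice, 5), Err(NonceError::OutOfOrder { expected: 1, got: 5 }));
}
```

Strictly sequential nonces are simpler than a "seen set" with a window: there is nothing to garbage-collect and a lost request shows up immediately as `OutOfOrder` rather than silently creating a gap.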

Trust Boundaries

Boundary Protections

Boundary              Attack Vector             Mitigation
User → Lending        Signature forgery         Native-chain signature verification
User → Lending        Replay attacks            Nonce-based protection
User → Lending        Unauthorized access       Profile ownership validation
Lending → Pool        Unauthorized withdrawals  Caller validation
Lending → Pool        Double execution          WAL idempotency
Pool → ckMinter       Invalid burn amounts      Pre-flight validation
Oracle → Lending      Price manipulation        Caching, deviation alerts
Liquidator → Lending  Griefing attacks          Close factor limits
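The last two table rows (oracle caching with deviation alerts, and close factor limits against liquidation griefing) and the overcollateralization item under Economic Security all meet in the same piece of risk math, so here is one added example covering them (not Liquidium's own code). It assumes 8-decimal fixed-point prices and amounts, collateral factors and close factors expressed in basis points, and a cache that refuses an oracle reading moving more than a configured deviation from the cached value; the numbers, names and thresholds are constructed for the example.

```rust
use std::collections::HashMap;

pub const SCALE: u128 = 100_000_000; // prices and amounts carry 8 decimals (constructed units)
pub const BPS: u128 = 10_000;        // basis points denominator

#[derive(Debug)]
pub struct CachedPrice { pub price: u128, pub updated_at: u64 }

/// Oracle cache with a deviation guard: risk math reads prices only from
/// here, never straight from an oracle reply.
pub struct PriceCache {
    entries: HashMap<String, CachedPrice>,
    pub max_deviation_bps: u128,
    pub max_age_secs: u64,
    pub alerts: Vec<String>,
}

impl PriceCache {
    pub fn new(max_deviation_bps: u128, max_age_secs: u64) -> Self {
        PriceCache { entries: HashMap::new(), max_deviation_bps, max_age_secs, alerts: Vec::new() }
    }

    /// Accept a reading only if it stays within max_deviation of the cached
    /// one; otherwise keep the cached value and raise an alert. Returns
    /// whether the reading was accepted.
    pub fn update(&mut self, asset: &str, price: u128, now: u64) -> bool {
        if price == 0 {
            self.alerts.push(format!("{asset}: zero price rejected"));
            return false;
        }
        if let Some(cur) = self.entries.get(asset) {
            let dev_bps = cur.price.abs_diff(price) * BPS / cur.price;
            if dev_bps > self.max_deviation_bps {
                self.alerts.push(format!("{asset}: {dev_bps} bps move rejected, keeping {}", cur.price));
                return false;
            }
        }
        self.entries.insert(asset.to_string(), CachedPrice { price, updated_at: now });
        true
    }

    /// Price usable for risk math, or None if the cached value is stale.
    pub fn get(&self, asset: &str, now: u64) -> Option<u128> {
        let e = self.entries.get(asset)?;
        (now.saturating_sub(e.updated_at) <= self.max_age_secs).then_some(e.price)
    }
}

pub struct Position {
    /// (asset, amount, collateral factor in bps): 7000 = borrow up to 70% of value
    pub collateral: Vec<(String, u128, u128)>,
    /// (asset, amount owed)
    pub debt: Vec<(String, u128)>,
}

fn usd(amount: u128, price: u128) -> u128 { amount * price / SCALE }

/// Health factor in bps: borrowing power / debt value. Below 10_000 the
/// position is undercollateralized. None if any price is stale, because a
/// stale price must block liquidation rather than trigger it.
pub fn health_factor_bps(pos: &Position, cache: &PriceCache, now: u64) -> Option<u128> {
    let mut power = 0u128;
    for (asset, amount, cf) in &pos.collateral {
        power += usd(*amount, cache.get(asset, now)?) * cf / BPS;
    }
    let mut debt = 0u128;
    for (asset, amount) in &pos.debt {
        debt += usd(*amount, cache.get(asset, now)?);
    }
    if debt == 0 { return Some(u128::MAX); }
    Some(power * BPS / debt)
}

/// Debt of `asset` one liquidation call may repay: zero while the position is
/// healthy, otherwise at most close_factor of that asset's debt, so a single
/// liquidator cannot wipe out a barely-underwater position in one shot.
pub fn max_liquidatable(pos: &Position, asset: &str, cache: &PriceCache, now: u64, close_factor_bps: u128) -> Option<u128> {
    let hf = health_factor_bps(pos, cache, now)?;
    if hf >= BPS { return Some(0); }
    let owed = pos.debt.iter().find(|(a, _)| a == asset).map_or(0, |(_, amt)| *amt);
    Some(owed * close_factor_bps / BPS)
}

fn main() {
    let mut cache = PriceCache::new(2_000, 300); // tolerate 20% moves, 5-minute staleness
    cache.update("BTC", 60_000 * SCALE, 1_000);
    cache.update("USDC", SCALE, 1_000);
    let pos = Position {
        collateral: vec![("BTC".into(), SCALE, 7_000)],       // 1 BTC at 70% collateral factor
        debt: vec![("USDC".into(), 40_000 * SCALE)],          // 40,000 USDC borrowed
    };
    println!("health: {:?} bps", health_factor_bps(&pos, &cache, 1_000));
    cache.update("BTC", 54_000 * SCALE, 1_100);              // 10% drop: accepted
    println!("max repay: {:?}", max_liquidatable(&pos, "USDC", &cache, 1_100, 5_000));
    cache.update("BTC", 20_000 * SCALE, 1_200);              // 63% drop: rejected, alert raised
    println!("alerts: {:?}", cache.alerts);
}
```

The deviation guard is deliberately one-sided in its failure mode: a rejected reading leaves the old price in place, and once that price ages past `max_age_secs` every health check returns None, so a manipulated or dead oracle freezes liquidations instead of firing them.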

Key Security Properties

Atomicity

All critical state changes happen atomically within a single message execution, with no await between validation and commit:

  • No partial state updates
  • Rollback on validation failure
  • State committed before async work

Durability

Pending operations survive canister upgrades:

  • Write-ahead log in stable storage
  • Automatic retry on failure
  • No data loss on crashes

Idempotency

Operations can be safely retried:

  • Unique operation IDs
  • Processed ID tracking
  • Ledger-level deduplication
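The three properties above (atomicity, durability, idempotency) are really one mechanism seen from three sides: the two-phase execution model with a write-ahead log. Here is an added example of that mechanism (not Liquidium's own code) for a withdrawal that must debit local state and then transfer on a downstream pool or ledger canister. It assumes an in-memory map standing in for stable memory, a simulated ledger that deduplicates on operation id (standing in for ledger-level dedup), and a `restore` constructor that plays the role of post-upgrade recovery; all names are this example's.

```rust
use std::collections::{BTreeMap, HashSet};

#[derive(Debug, PartialEq)]
pub enum Error {
    Insufficient,
    UnknownOp(u64),
    Transient(u64),
}

/// One pending operation. A real canister keeps this in stable memory; here
/// it is an in-memory map plus `restore`, which stands in for post_upgrade.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct WalEntry {
    pub op_id: u64,
    pub user: String,
    pub amount: u64,
    pub attempts: u32,
}

/// Simulated downstream ledger/pool canister (not the real one). It
/// deduplicates on op_id, and `outages` makes the next N calls fail to
/// model a lost call or reply.
#[derive(Default)]
pub struct Ledger {
    pub credited: BTreeMap<String, u64>,
    seen: HashSet<u64>,
    pub outages: u32,
    pub calls: u32,
}

impl Ledger {
    /// Ok(true): applied now. Ok(false): this op_id was applied earlier.
    /// Err(()): transient failure, nothing applied.
    pub fn transfer(&mut self, op_id: u64, to: &str, amount: u64) -> Result<bool, ()> {
        self.calls += 1;
        if self.outages > 0 {
            self.outages -= 1;
            return Err(());
        }
        if !self.seen.insert(op_id) {
            return Ok(false);
        }
        *self.credited.entry(to.to_string()).or_insert(0) += amount;
        Ok(true)
    }
}

#[derive(Default)]
pub struct Lending {
    pub balances: BTreeMap<String, u64>,
    pub wal: BTreeMap<u64, WalEntry>,
    pub processed: HashSet<u64>,
    next_op: u64,
}

impl Lending {
    pub fn supply(&mut self, user: &str, amount: u64) {
        *self.balances.entry(user.to_string()).or_insert(0) += amount;
    }

    /// Phase 1, synchronous: validate, debit and append to the WAL with no
    /// await in between, so the three changes commit together or not at all.
    pub fn withdraw_phase1(&mut self, user: &str, amount: u64) -> Result<u64, Error> {
        let bal = self.balances.get_mut(user).ok_or(Error::Insufficient)?;
        if *bal < amount {
            return Err(Error::Insufficient);
        }
        *bal -= amount;
        let op_id = self.next_op;
        self.next_op += 1;
        self.wal.insert(op_id, WalEntry { op_id, user: user.to_string(), amount, attempts: 0 });
        Ok(op_id)
    }

    /// Phase 2, the async part: idempotent, so timers and retries may call it
    /// any number of times for the same op_id.
    pub fn withdraw_phase2(&mut self, op_id: u64, ledger: &mut Ledger) -> Result<(), Error> {
        if self.processed.contains(&op_id) {
            return Ok(());
        }
        let entry = self.wal.get_mut(&op_id).ok_or(Error::UnknownOp(op_id))?;
        entry.attempts += 1;
        let (user, amount) = (entry.user.clone(), entry.amount);
        match ledger.transfer(op_id, &user, amount) {
            // Ok(false) means the earlier call landed and only the reply was
            // lost: ledger-level dedup lets us finish without crediting twice.
            Ok(_) => {
                self.wal.remove(&op_id);
                self.processed.insert(op_id);
                Ok(())
            }
            Err(()) => Err(Error::Transient(op_id)), // entry stays logged for retry
        }
    }

    /// Replay everything still in the WAL; returns how many completed.
    pub fn retry_pending(&mut self, ledger: &mut Ledger) -> usize {
        let ids: Vec<u64> = self.wal.keys().copied().collect();
        let mut done = 0;
        for id in ids {
            if self.withdraw_phase2(id, ledger).is_ok() {
                done += 1;
            }
        }
        done
    }

    /// Rebuild from stable-memory contents after an upgrade (simulated).
    /// next_op is derived from every id ever issued so ids stay unique.
    pub fn restore(balances: BTreeMap<String, u64>, wal: BTreeMap<u64, WalEntry>, processed: HashSet<u64>) -> Self {
        let next_op = wal.keys().chain(processed.iter()).max().map_or(0, |m| m + 1);
        Lending { balances, wal, processed, next_op }
    }
}

fn main() {
    let mut lending = Lending::default();
    let mut ledger = Ledger::default();
    lending.supply("alice", 100);
    let op = lending.withdraw_phase1("alice", 60).unwrap();
    ledger.outages = 1;
    println!("first attempt: {:?}, wal entries: {}", lending.withdraw_phase2(op, &mut ledger), lending.wal.len());
    // Upgrade: state comes back from stable memory and the pending op is retried.
    let mut lending = Lending::restore(lending.balances, lending.wal, lending.processed);
    println!("retried: {}, credited: {:?}", lending.retry_pending(&mut ledger), ledger.credited);
}
```

The ordering in phase 1 is the whole point: the debit and the WAL entry are written before the cross-canister call, so a trap or a lost reply can never leave the user with both their balance and the transferred funds, and `processed` plus the ledger's own dedup make every later retry a no-op.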

Authorization

Every operation is properly authorized:

  • Signature verification for user requests
  • Caller validation for inter-canister calls
  • Admin checks for configuration changes