Liquity v2 Governance Smart Contract Audit

Juan Pablo Martinez Kuhn
Director of Security Services
Security Engineer
Audit Report, DeFi, Ethereum

In January 2025, Liquity engaged Coinspect to audit the smart contracts of Liquity v2 Governance. This system introduces a modular initiative-based approach to decentralized governance, allowing users to register initiatives, vote, and manage their LQTY token allocations.

Liquity v2 Governance enables decentralized decision-making through an epoch-based system. Users with enough voting power can propose initiatives by paying a fee, and these initiatives are discussed on Discourse before voting. The system ensures immutability by limiting governance to allocating 25% of revenue, leaving core protocol operations unchanged. Bribe-driven incentives encourage participation while maintaining process integrity, though permissionless features require community vigilance to prevent misuse.

During this security assessment, Coinspect identified one medium-risk issue related to how an arbitrary bribe token could be used to lock down all bribes sent in BOLD. A malicious or upgradeable token deployed in a Bribe Initiative could inflate the bribe amount to the maximum, causing an overflow that locks all BOLD bribes in the contract for that epoch. While this scenario is low-likelihood, its potential impact is significant, as unsuspecting users’ tokens could be permanently locked. Liquity mitigated this risk by documenting the concern, restricting the use of arbitrary bribe tokens.

Having recently audited Liquity v2 smart contracts, our team has developed a strong understanding of Liquity’s development workflow and the rationale behind their code changes. This enables us to collaborate closely with Liquity, integrating security considerations seamlessly into their development lifecycle.

At Coinspect, we combine over a decade of blockchain security expertise with a rigorous audit process. If you’re building in Web3, contact us to secure your project’s success.