economic-shape replay Lending Incident · March 13, 2023

Euler Donate and Liquidate

Reviewer-first evidence page for fixtures/replays/euler-donate-and-liquidate. The claim boundary is scoped to the committed simulation inputs, canonical hash, and deterministic rerun listed below.

Canonical hash 03de00e2d2ba97344b1572ae79679d43473a27a136447c6b1a28691eda14a2f8

[ 01 ]

What broke

Outcome / verdict

no_bad_debt fired at tick 2. The recorded reason was field=`bad_debt` observed=4720.0 == expected=0.0.

Euler Finance's March 2023 exploit used a collateral-removal path that did not re-check account health. The simplified failure shape is: collateral leaves the account, the account becomes deeply undercollateralized, and a sibling liquidation turns the shortfall into protocol bad debt.

Riptide does not replay Euler's EVM contracts. This case study models the donate-and-liquidate accounting geometry on Riptide's Solana lending fork with a dedicated `Donate` instruction that removes collateral without a health check.

Replay shape

The replay starts with a healthy donor position at collateral = 100 and debt = 6400. At tick 1, the donor calls `donate(80)`, reducing collateral to 20 while debt remains unchanged.

At tick 2, a liquidator account repays the donor debt and attempts to seize collateral plus bonus. The remaining collateral cannot cover the repay-plus-bonus value, so the pool records 4720 bad debt.

[ 02 ]

Why it matters

This lending protocol class matters because a health-check gap on a collateral-removal path can turn a nominally self-contained account action into protocol-level bad debt. The replay mirrors the donate-and-liquidate geometry associated with Euler's March 2023 exploit, but it does not claim to reproduce Euler's EVM bytecode or transactions.

Public post-mortems describing the original Euler failure mode. These references motivate the shape; they are not bytecode or transaction provenance for this Solana replay.

Primary context

[ 03 ]

Reproduce

Start from a clean checkout, install the CLI, then rerun the committed replay configuration. The expected canonical hash is listed in Artifacts.

Install curl -fsSL https://riptide.run/install | sh Rerun cd fixtures/replays/euler-donate-and-liquidate && riptide replay config.json --allow-invariant-violations

The public rerun script is mirrored as an artifact; this page renders the minimal command path so reviewers do not need to read generated comments.

[ 04 ]

Artifacts

Canonical hash 03de00e2d2ba97344b1572ae79679d43473a27a136447c6b1a28691eda14a2f8

Source path fixtures/replays/euler-donate-and-liquidate

Source commit 2bca411f1a8a09313db0e4afcadf822e3442a73f

Evidence type economic-shape replay

The replay-scoped adapter declares `no_bad_debt` as `pool.bad_debt == 0`. The canonical evidence shows `no_bad_debt` fires once at tick 2, with observed bad_debt = 4720.0 against expected 0.0.

T2 no_bad_debt field=`bad_debt` observed=4720.0 == expected=0.0

simulation-result.json manifest.json summary.md trace.md rerun.sh provenance.json

[ 05 ]

What this does not prove

a byte-level reproduction of Euler's EVM bytecode or the exploit transactions,
an audit or safety claim about Euler Finance, eToken accounting, or any deployed lending protocol,
a cross-chain replay (Euler is on Ethereum; this pack reproduces the *economic shape* on Riptide's Solana toy lending fork).