Solend Lending Whale Bad Debt
Reviewer-first evidence page for fixtures/replays/lending-whale-bad-debt. The claim boundary is scoped to the committed simulation inputs, canonical hash, and deterministic rerun listed below.
6c59db5ebf916c8cc068c8fea8727d4edf26d244f288f6dadd7e9ae47d16c4a1 What broke
no_bad_debt fired at tick 4. The recorded reason was field=`bad_debt` observed=3600.0 == expected=0.0.
In June 2022, Solend's main pool carried a single large account whose SOL collateral and stablecoin debt represented a substantial share of both sides of the pool. Falling SOL price moved the position toward liquidation, and public reporting at the time raised concerns about DEX liquidity, liquidator-bot competition under network load, and the residual bad debt the pool would absorb if the cascade ran.
The first governance proposal (SLND1) granted Solend Labs emergency powers to execute the whale's liquidation OTC. A second vote (SLND2) reversed those powers after community backlash, and the realized risk was reduced through coordination and position reduction rather than an on-chain bad-debt event.
The episode was a near-miss, not a public record of realized bad debt. Riptide's case study models the counterfactual failure shape: what the same concentration and oracle-drawdown geometry looks like when the protocol clears the liquidation path on-chain and residual bad debt appears at the pool level.
This page does not reconstruct the November 2022 USDH/Saber-oracle exploit, which is a separate Solend incident with a different failure path.
Replay shape
Riptide replays the Solend-shape failure geometry — whale-concentrated borrower exposure, oracle-shock-driven undercollateralization, residual bad debt. The replay runs against Riptide's shipped Solend-shaped lending fork, not the deployed Solend program binary.
The replay seeds five whale borrowers in a single lending pool. Each whale starts with collateral = 100 and debt = 6400, creating concentrated exposure to the same oracle path. An explicit oracle trajectory drives the price from 100 at tick 0 to 60 at tick 4. At tick 4, five liquidator instructions run against the five whales; the drawn-down collateral value cannot cover the repay plus liquidation bonus, and the pool records residual bad debt.
Parameter region
The Solend-shaped lending bundle ships a 3 × 3 whale-share × shock-magnitude sweep. Each cell runs the same fixture with one whale-concentration and one shock-magnitude pair held fixed; the cell is classified by whether terminal pool bad debt is zero. The unsafe region is the 40 % shock column — whale concentration scales the magnitude of the bad debt event but the shock magnitude is the boundary the geometry actually crosses.
| Shock 1 | Shock 2 | Shock 3 | |
|---|---|---|---|
| whale 5% | SAFE | SAFE | FIRE |
| whale 15% | SAFE | SAFE | FIRE |
| whale 25% | SAFE | SAFE | FIRE |
Cell labels: SAFE = terminal pool bad debt 0; FIRE = terminal pool bad debt > 0 (no_bad_debt invariant fires). Sweep driver: scripts/lending-whale-grid.sh. Canonical scenario fixture: fixtures/scenarios/lending/whale-shock-grid/. Presentation aggregate: fixtures/analysis/lending/hero-grid/bad-debt-table.json.
Why it matters
This lending protocol class matters because concentrated borrowers can turn a sharp collateral-price drawdown into path-dependent liquidations and residual bad debt. This geometry resembles the failure shape seen in Solend's June 2022 whale-risk episode, but it does not claim to reproduce that incident's on-chain history.
Coverage and post-incident discussion of the June 2022 episode. References are honest secondary coverage and governance-context posts, not bytecode, state, or oracle provenance.
Primary context
Secondary coverage
- CNBC — 'A crypto lending app tried to take over a whale account to stop it from collapsing the system' (June 20, 2022)
- CoinDesk — 'Solend's Whale Liquidation Crisis Prompts Second Vote to Reverse Emergency Powers' (June 20, 2022)
- Forkast — 'Solend DAO overturns vote to take over at-risk whale wallet' (June 20, 2022)
- CryptoSlate — interview with Solend founder Rooter (July 3, 2022)
- BlockBeats — community / governance analysis (June 20, 2022)
Separate boundary reference
Separate incident, used only to draw the boundary — not part of this case study:
Reproduce
Start from a clean checkout, install the CLI, then rerun the committed replay configuration. The expected canonical hash is listed in Artifacts.
Installcurl -fsSL https://riptide.run/install | sh Rerun cd fixtures/replays/lending-whale-bad-debt && riptide replay config.json --allow-invariant-violationsThe public rerun script is mirrored as an artifact; this page renders the minimal command path so reviewers do not need to read generated comments.
Artifacts
6c59db5ebf916c8cc068c8fea8727d4edf26d244f288f6dadd7e9ae47d16c4a1fixtures/replays/lending-whale-bad-debt2bca411f1a8a09313db0e4afcadf822e3442a73ffailure-shape replayThe replay-scoped adapter declares no_bad_debt as a strict equality invariant: pool.bad_debt must equal 0 at every tick. The canonical evidence shows the invariant fires once at tick 4, with observed bad_debt = 3600.0 against expected 0.0.
- T4
no_bad_debtfield=`bad_debt` observed=3600.0 == expected=0.0
What this does not prove
- a byte-level reproduction of any specific on-chain incident,
- a governance-intervention / OTC-coordination claim,
- an audit or safety claim about any real lending protocol (Solend / Save, Kamino, MarginFi, etc.).