Meridian Finance Audit
Final pre-launch audit for a BNB Chain lending protocol.
Critical Found
User Funds Protected
Audit Duration
Lines Reviewed
Context
Meridian Finance was preparing to launch a lending protocol on BNB Chain. Two weeks before launch, they hired us for a final security audit. We found a critical reentrancy vulnerability that would have allowed complete drainage of the lending pool.
Challenge
The vulnerability was non-obvious — it exploited a read-only reentrancy pattern in an integrated external price oracle, not in the lending contract itself. Automated tools missed it. Manual review caught it on day 3.
Execution
1 Critical: Read-only reentrancy via oracle integration (full drain PoC)
2 High: Unchecked return values + flash loan price manipulation vector
5 Medium: Access control issues, precision loss, unbounded loops
9 Low/Informational: Gas optimizations, code quality, documentation
Full audit report (PDF + Markdown, 47 pages)
Free re-audit within 48 hours of fixes
Numbers that shipped
Critical Found
User Funds Protected
Audit Duration
Lines Reviewed