Overview##

In July 2025, Liquid Loot engaged Obsidian Audits for a 5-day audit of their NFT lending smart contracts.

Following the audit and fix-review, Liquid Loot had a second review from Three Sigma, a top-tier security auditing firm.

This case study highlights how Obsidian’s audit identified and helped resolve multiple high severity issues in Liquid Loot's codebase, resulting in no major vulnerabilities being reported by the subsequent review.

Results##

Extract from Obsidian Audits' report, summarizing the issues identified during the review:###

Note: the image does not contain all the issues found, the full report is linked here

A total of 16 issues were identified and categorized based on severity:

• • 3 Critical severity
• • 4 High severity
• • 5 Medium severity
• • 4 Informational

The critical and high severity issues had the potential to cause significant financial loss or severely disrupt the protocol’s functionality. For this review, we provided the additional service of fixing all the uncovered issues, and refactoring the code as needed.

---

Extract from Three Sigma’s report, conducted after Obsidian's audit and fix review:###

The issues identified, are categorized as follows:

• • 0 Critical/High severity
• • 5 Medium severity
• • 3 Low severity

No high or critical vulnerabilities were found.