Key security areas addressed by the system.
Ensure liquidation transactions meet protocol rules. All transactions are simulated via eth_call before submission. Dry-run mode is the default; live execution requires explicit opt-in.
Prevent duplicated transaction execution. Each liquidation has an idempotency key derived from hash(borrower_address + block_number + debt_asset). The execution log in PostgreSQL enforces uniqueness.
Detect and mitigate price oracle manipulation. Sanity bounds on price changes between consecutive blocks flag anomalous oracle updates so the affected liquidations are held rather than executed. Full mitigation (multi-oracle comparison) is deferred to the roadmap.
Execution signing keys are loaded from environment variables or a secrets file at startup. Keys are never persisted in code, config files, or logs. In production, use a KMS or HSM-backed signer.
A circuit breaker pattern halts all execution when the failure rate exceeds a configurable threshold, preventing cascading losses during network instability or unexpected protocol behavior.
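The circuit breaker described above, as an added example rather than the system's own code: it tracks outcomes over a sliding window, trips when the failure rate exceeds a configurable threshold, and goes a step further than the text by allowing a single probe after a cooldown. The parameter names, window size, minimum-sample rule and the injectable clock are assumptions made for this example.

```python
from collections import deque
import time


class CircuitBreaker:
    """Halts execution when the recent failure rate exceeds a threshold.

    Outcomes live in a sliding window of the last `window` attempts. The
    breaker trips only once `min_samples` outcomes exist, so one early failure
    cannot open it. While open it rejects every attempt for `cooldown_s`
    seconds, then lets exactly one probe through (half-open): a successful
    probe closes it, a failed probe re-opens it. All parameters are
    constructed for this example.
    """

    def __init__(self, max_failure_rate=0.5, window=20, min_samples=5,
                 cooldown_s=60.0, clock=time.monotonic):
        self.max_failure_rate = max_failure_rate
        self.min_samples = min_samples
        self.cooldown_s = cooldown_s
        self._clock = clock                     # injectable for deterministic tests
        self._outcomes = deque(maxlen=window)   # True = success, False = failure
        self.state = "closed"
        self._opened_at = None

    def failure_rate(self):
        if not self._outcomes:
            return 0.0
        return self._outcomes.count(False) / len(self._outcomes)

    def allow_execution(self):
        """Call before submitting a liquidation; False means halt."""
        if self.state == "closed":
            return True
        if self.state == "open":
            if self._clock() - self._opened_at >= self.cooldown_s:
                self.state = "half_open"        # permit a single probe
                return True
            return False
        return False                            # half_open: probe already in flight

    def record(self, success):
        """Record the outcome of an attempt that allow_execution() approved."""
        if self.state == "half_open":
            self.state = "closed" if success else "open"
            self._opened_at = None if success else self._clock()
            if success:
                self._outcomes.clear()
            return
        self._outcomes.append(success)
        if len(self._outcomes) >= self.min_samples and self.failure_rate() > self.max_failure_rate:
            self.state, self._opened_at = "open", self._clock()
```

Wrap each submission as `if cb.allow_execution(): ... cb.record(ok)`; the minimum-sample rule keeps a single early revert from halting the bot while still reacting quickly to a burst of failures.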