Full Report
Prisma Finance is a hacked Liquity fork that has been a ghost ever since. However, there is still some liquidity in it that the team needed to get out, and they discovered several other bugs while trying to decommission it.

As the TVL dwindled, a subtle accounting bug came to light. It was discovered after a mismatch was noticed between the sum of the users' debts and the protocol's tracked user debt. The culprit is a stale value that did not include the interest accrued by a previous call. Over time, a drift between the collateral's asset value and the tracked debt would occur, and if a user tried to withdraw too much, an integer underflow would occur, rendering the protocol useless. At first, they thought fixing this was impossible, since the protocol was in sunset mode. However, they noticed that governance was still enabled. By setting the oracle contract to return a value of uint256.max, users could withdraw their collateral again. This manipulated price created a bunch of bad debt in the protocol, but users could get their funds back.

The second bug is MUCH worse. A Discord user posted that collateral gains from the ULTRA pool could not be claimed. At the top of claimCollateralGains(), the author noticed _accrueDepositorCollateralGain. This function resets a value that SHOULD have been zeroed out, effectively removing the replay protection. This was exploited for 13ish ETH a while ago. Prisma needed to reduce the debt ceiling to zero, which meant new mkUSD and ULTRA loans were no longer allowed. When this happened, Prisma's stablecoins deviated from their $1 peg to as high as $1.45. Why? The stablecoins are required for users to close their loans, so the token became more valuable. Traders hoarded the token to drive up the price and profited from the sale. Because of this bad market dynamic, they added a manual 1-to-1 peg to allow users to close their loans without paying high amounts.

There is still $80K in debt remaining that needs to be claimed. Overall, a super interesting post on the complexities of shutting down a protocol.
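The stale-interest accounting drift described above, modelled as an added example. This is not code from the post or from Prisma's code base: the `TroveManager`, its interest index and the way the global tracker is (or is not) accrued are assumptions chosen to reproduce the failure mode, and the amounts are constructed. The buggy variant keeps a protocol-wide debt tracker that never receives accrued interest, while each trove's own debt does; once enough interest-inclusive repayments are subtracted, the checked subtraction underflows exactly when the last troves try to close.

```python
"""Added example (not Prisma's code): a simplified trove manager in which the
global debt tracker misses accrued interest, so it drifts from the sum of the
per-trove debts and eventually underflows on close."""

from dataclasses import dataclass, field

RAY = 10**18  # fixed-point scale, as used by many Solidity lending contracts


def checked_sub(a: int, b: int) -> int:
    """Mimic Solidity 0.8 checked arithmetic: an underflow reverts."""
    if b > a:
        raise ArithmeticError(f"underflow: {a} - {b}")
    return a - b


@dataclass
class Trove:
    debt: int            # principal plus interest checkpointed so far
    index_snapshot: int  # global interest index at the last checkpoint


@dataclass
class TroveManager:
    accrue_tracker: bool            # False reproduces the stale-value bug
    interest_index: int = RAY
    total_active_debt: int = 0      # protocol-wide tracker (hypothetical name)
    troves: dict = field(default_factory=dict)

    def open_trove(self, owner: str, debt: int) -> None:
        self.troves[owner] = Trove(debt, self.interest_index)
        self.total_active_debt += debt

    def accrue_interest(self, rate_ray: int) -> None:
        """Time passes and the global index grows. In the buggy variant the
        tracker is left at its stale, interest-free value."""
        self.interest_index = self.interest_index * (RAY + rate_ray) // RAY
        if self.accrue_tracker:
            self.total_active_debt = self.total_active_debt * (RAY + rate_ray) // RAY

    def _checkpoint(self, owner: str) -> int:
        """Bring one trove's debt up to the current index (interest-inclusive)."""
        t = self.troves[owner]
        t.debt = t.debt * self.interest_index // t.index_snapshot
        t.index_snapshot = self.interest_index
        return t.debt

    def sum_of_trove_debts(self) -> int:
        return sum(t.debt * self.interest_index // t.index_snapshot
                   for t in self.troves.values())

    def close_trove(self, owner: str) -> int:
        """Repay the full debt and remove it from the tracker. With a stale
        tracker the interest-inclusive amount can exceed what is tracked."""
        owed = self._checkpoint(owner)
        self.total_active_debt = checked_sub(self.total_active_debt, owed)
        del self.troves[owner]
        return owed

    def drift(self) -> int:
        """Invariant check: should be zero when accounting is consistent."""
        return self.sum_of_trove_debts() - self.total_active_debt


def run_scenario(fixed: bool) -> dict:
    """Two troves, 10% interest, then both close. Returns what happened."""
    tm = TroveManager(accrue_tracker=fixed)
    tm.open_trove("alice", 1_000 * RAY)   # constructed amounts
    tm.open_trove("bob", 500 * RAY)
    tm.accrue_interest(RAY // 10)          # 10% interest accrues
    drift_before = tm.drift()
    closed = 0
    underflow = False
    try:
        for owner in ("alice", "bob"):
            tm.close_trove(owner)
            closed += 1
    except ArithmeticError:
        underflow = True
    return {"drift": drift_before, "closed": closed, "underflow": underflow}


if __name__ == "__main__":
    print("buggy:", run_scenario(fixed=False))
    print("fixed:", run_scenario(fixed=True))
```

The `drift()` invariant is the check worth running against any lending protocol before a sunset: if the tracked total and the sum of individual debts disagree, the last users to exit are the ones who will hit the revert.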
Analysis Summary
# Incident Report: Decommissioning Prisma Finance - Multi-Vector Protocol Failures
## Executive Summary
During the decommissioning of Prisma Finance by the Resupply team, multiple critical vulnerabilities and economic flaws were identified. These included a Trove Manager accounting bug that trapped user collateral, a replay protection flaw in the ULTRA stability pool leading to the theft of 13.92 ETH, and a market-driven upward depeg of stablecoins (mkUSD/ULTRA) to $1.45. Through governance-led oracle manipulation and the creation of a custom Peg Stability Module (PSM), the team successfully restored user access to funds and stabilized the protocol's solvency.
## Incident Details
- **Discovery Date:** Late December 2024 - January 2025
- **Incident Date:** Ongoing throughout the decommissioning phase (Late 2024)
- **Affected Organization:** Prisma Finance
- **Sector:** Decentralized Finance (DeFi)
- **Geography:** Global / Ethereum Blockchain
## Timeline of Events
### Initial Access (ULTRA Stability Pool Exploit)
- **Date/Time:** December 2024
- **Vector:** Smart Contract Logic Error
- **Details:** An attacker exploited the `claimCollateralGains()` function in the ULTRA stability pool. A coding error failed to properly zero out claimed values, allowing the attacker to repeatedly claim the same collateral.
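A toy stability pool reproducing the replay flaw, added here as an example and not taken from Prisma's contracts. The snapshot scheme (a cumulative gain-per-unit value captured per depositor), the names `accrue_gain` and `claim_gain`, and the deposit and liquidation amounts are all assumptions. The flawed variant zeroes the pending balance on claim, but the accrual helper called at the top of the claim recomputes the same delta from an unchanged snapshot, so the balance reappears on every call; the fixed variant advances the snapshot when it accrues.

```python
"""Added example (not Prisma's code): a minimal stability pool whose accrual
helper re-creates an already-claimed gain unless the depositor's snapshot is
advanced. Pool state and amounts are constructed for illustration."""

from dataclasses import dataclass, field

SCALE = 10**18


@dataclass
class StabilityPool:
    advance_snapshot_on_accrue: bool       # False reproduces the flaw
    gain_per_unit: int = 0                 # cumulative collateral gain per deposited unit
    deposits: dict = field(default_factory=dict)
    snapshots: dict = field(default_factory=dict)      # user -> gain_per_unit at checkpoint
    pending_gain: dict = field(default_factory=dict)
    collateral_held: int = 0
    paid_out: int = 0

    def deposit(self, user: str, amount: int) -> None:
        self.deposits[user] = self.deposits.get(user, 0) + amount
        self.snapshots[user] = self.gain_per_unit
        self.pending_gain.setdefault(user, 0)

    def liquidation(self, collateral_in: int) -> None:
        """A liquidation hands collateral to the pool, shared pro rata."""
        total = sum(self.deposits.values())
        self.collateral_held += collateral_in
        self.gain_per_unit += collateral_in * SCALE // total

    def accrue_gain(self, user: str) -> None:
        """Fold gains earned since the snapshot into the pending balance.
        The flaw: if the snapshot is not advanced, the same delta is
        added again on the next call, restoring a value claim_gain zeroed."""
        delta = self.gain_per_unit - self.snapshots[user]
        self.pending_gain[user] += self.deposits[user] * delta // SCALE
        if self.advance_snapshot_on_accrue:
            self.snapshots[user] = self.gain_per_unit

    def claim_gain(self, user: str) -> int:
        self.accrue_gain(user)             # called at the top, as in the report
        amount = self.pending_gain[user]
        self.pending_gain[user] = 0        # zeroed here, but see accrue_gain
        if amount > self.collateral_held:
            raise ArithmeticError("claim exceeds collateral held by the pool")
        self.collateral_held -= amount
        self.paid_out += amount
        return amount


def replay_scenario(fixed: bool) -> dict:
    """One liquidation, then the same depositor claims twice in a row."""
    pool = StabilityPool(advance_snapshot_on_accrue=fixed)
    pool.deposit("alice", 100 * SCALE)     # constructed amounts
    pool.deposit("bob", 900 * SCALE)
    pool.liquidation(10 * SCALE)           # 10 ETH of collateral arrives
    first = pool.claim_gain("alice")
    second = pool.claim_gain("alice")      # must be 0 once accounting is right
    return {"first": first, "second": second,
            "paid_out": pool.paid_out, "held": pool.collateral_held}


if __name__ == "__main__":
    print("flawed:", replay_scenario(fixed=False))
    print("fixed: ", replay_scenario(fixed=True))
```

The property to test for in review is that a second claim with no intervening liquidation returns zero; in the flawed variant it returns the full first amount again, which is the "removed replay protection" the post describes.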
### Lateral Movement
- **N/A:** The incidents were localized to smart contract interactions rather than a network breach.
### Data Exfiltration/Impact
- **Theft:** Approximately 13.92 ETH was extracted via the stability pool exploit.
- **Collateral Lock:** An accounting bug in `openTrove()` caused an integer underflow, preventing users from closing loans and withdrawing thousands in collateral.
- **Market Impact:** Stablecoins mkUSD and ULTRA depegged to $1.45 due to supply hoarding.
### Detection & Response
- **Detection:** Discovered by the Resupply team (accounting bug) and a Discord user "pastelfork" (ULTRA exploit).
- **Response Actions:**
- Manipulation of the Oracle to `uint256.max` to bypass debt checks.
- Deployment of "Operation Rainbow Pegger" (PSM) to restore 1:1 parity with crvUSD.
- Used unclaimed protocol revenue (crvUSD) to cover $35,000 in created bad debt.
## Attack Methodology
- **Initial Access:** Smart contract vulnerability exploitation (Replay Attack/Logic Error).
- **Persistence:** Not applicable; transaction-based exploits.
- **Privilege Escalation:** Exploited the lack of state updates in the `claimCollateralGains` function.
- **Discovery:** Public code inspection and observation of "stale values" in Trove Manager checkpoints.
- **Impact:** Financial loss (ETH theft) and Operational disruption (locked collateral and depegged assets).
## Impact Assessment
- **Financial:** 13.92 ETH stolen; $35,000 in bad debt created (later covered); $80,000 in debt remains.
- **Data Breach:** None (non-custodial protocol).
- **Operational:** Protocol rendered "useless" due to underflow errors; required custom UI and PSM deployment to resolve.
- **Reputational:** High; Prisma Finance was already a "ghost ship" following a previous hack.
## Indicators of Compromise
- **Behavioral indicators:**
- Repeated calls to `claimCollateralGains()` from the same address in a short window.
- `openTrove()` transactions reverting with underflow errors.
- Sudden divergence of mkUSD/ULTRA price from $1.00 peg.
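A screening pass over the three behavioural indicators above, added as an example and not part of the original report. The record layout, the Solidity panic code used to recognise an arithmetic underflow (`Panic(0x11)`, which is the compiler's standard code for checked-arithmetic failures), the window and threshold parameters, and the sample transactions and prices are all constructed for illustration.

```python
"""Added example (not from the original report): flag repeated claims from one
address, underflow reverts of openTrove, and stablecoin peg deviation over a
constructed batch of transaction records and price observations."""

from collections import defaultdict

# Constructed sample records, not real on-chain data.
TXS = [
    {"block": 100, "from": "0xaaa", "fn": "claimCollateralGains", "status": "ok", "reason": ""},
    {"block": 101, "from": "0xaaa", "fn": "claimCollateralGains", "status": "ok", "reason": ""},
    {"block": 103, "from": "0xaaa", "fn": "claimCollateralGains", "status": "ok", "reason": ""},
    {"block": 104, "from": "0xbbb", "fn": "claimCollateralGains", "status": "ok", "reason": ""},
    {"block": 105, "from": "0xccc", "fn": "openTrove", "status": "revert", "reason": "Panic(0x11)"},
    {"block": 105, "from": "0xddd", "fn": "openTrove", "status": "revert", "reason": "Panic(0x11)"},
    {"block": 106, "from": "0xbbb", "fn": "openTrove", "status": "ok", "reason": ""},
    {"block": 300, "from": "0xbbb", "fn": "claimCollateralGains", "status": "ok", "reason": ""},
]

# Constructed (block, USD price) observations for a stablecoin.
PRICES = [(100, 1.00), (200, 1.01), (300, 1.12), (400, 1.45)]


def repeat_claims(txs, window_blocks=10, threshold=2):
    """Addresses with at least `threshold` successful claimCollateralGains
    calls inside any `window_blocks` span. A depositor only earns new gains
    after new liquidations, so rapid repeats are worth a look."""
    by_addr = defaultdict(list)
    for tx in txs:
        if tx["fn"] == "claimCollateralGains" and tx["status"] == "ok":
            by_addr[tx["from"]].append(tx["block"])
    flagged = {}
    for addr, blocks in by_addr.items():
        blocks.sort()
        for i in range(len(blocks)):
            j = i
            while j + 1 < len(blocks) and blocks[j + 1] - blocks[i] <= window_blocks:
                j += 1
            if j - i + 1 >= threshold:
                flagged[addr] = j - i + 1   # size of the densest window found
                break
    return flagged


def underflow_reverts(txs, fn="openTrove"):
    """Count reverts of `fn` carrying Solidity's arithmetic panic code 0x11."""
    return sum(1 for tx in txs
               if tx["fn"] == fn and tx["status"] == "revert" and "0x11" in tx["reason"])


def peg_alerts(prices, tolerance=0.02):
    """Observations where the price left the band of +/- tolerance around $1."""
    return [(blk, p) for blk, p in prices if abs(p - 1.0) > tolerance]


if __name__ == "__main__":
    print("repeat claims:", repeat_claims(TXS))
    print("openTrove underflow reverts:", underflow_reverts(TXS))
    print("peg alerts:", peg_alerts(PRICES))
```

The same three functions run unchanged over decoded trace or event exports; the thresholds are starting points, and a depeg alert is only meaningful alongside the claim and revert signals, since the price move on its own was a market reaction rather than an exploit.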
## Response Actions
- **Containment:** Reduced debt ceilings to zero (which inadvertently caused the depeg).
- **Eradication:** Governance-led oracle price manipulation to "force" collateral releases.
- **Recovery:** Development of a custom Peg Stability Module (PSM) at `https[:]//prisma-psm[.]yearn[.]space/` to allow 1:1 debt repayment using crvUSD.
## Lessons Learned
- **Sunset Complexity:** Shutting down a protocol is as complex as launching one; "Sunset Mode" can inadvertently disable the very administrative tools needed to fix emerging bugs.
- **Accounting Integrity:** State updates must include accrued interest before checkpoints to avoid catastrophic underflows as TVL decreases.
- **Incentive Alignment:** Closing debt ceilings without providing a secondary exit liquidity source creates a "short squeeze" dynamic for borrowers.
## Recommendations
- **Rigorous Testing for Low-TVL Scenarios:** Smart contracts should be audited for edge cases involving near-zero balances and integer underflows.
- **Emergency Governance Buffers:** Ensure decommissioning protocols retain enough governance flexibility to upgrade oracles or migrate funds if accounting fails.
- **Native PSM Integration:** Modern DeFi protocols should include Peg Stability Modules by default to handle liquidity crunches during volatile periods or sunsets.