prisma_06112023_origin-protocol-wOETH.png Useful Links Websites: oeth.com | originprotocol.com Documentation: Gitbook | Github | Audits Social: Twitter | Blog | Discord | Telegram Contracts: OETH token, Contracts architecture Governance: Gov hub | OGV token | Timelock | Multisig (admin) | Multisig (strategist) Curve: OETH/ETH Factory Pool | Gauge Proposal Dashboard: OETH Analytics | OETH (Dune)

Collateral Risk Assessment - StakeWise Staked ETH (osETH) prisma_20240620_StakeWise-osETH Useful Links Website: stakewise.io Documentation: docs.stakewise.io Social: twitter.com/stakewise_io Contracts: github.com/stakewise/contracts Markets: UniswapV3 (osETH/USDC), BalancerV2 (osETH/WETH), Curve (osETH/rETH)

prisma_10122023_Stader-ETHx Useful Links: Website: https://www.staderlabs.com/ Documentation: Litepaper | Notion | Docs-ETHx | Audits Social: Twitter | Discord | Telegram Contracts: Docs - Contracts Governance: Stader Snapshot | Stader community forums Markets: Curve ETHX-ETH | Curve ETHX-wstETH | Uniswap | PancakeSwap Dashboards: ETHx Metrics | Node Operator Dashboard

prisma_20240228_ether-fi-weETH Useful Links Website: ether.fi Documentation: etherfi.gitbook.io Social: twitter.com/ether_fi Contracts: eETH | weETH | Contracts Registry Markets: Curve (weETH/WETH, weETH/rswETH), Balancer (ezETH/weETH/rswETH | rETH/weETH | WETH/weETH) | Maverick (ETH/weETH) Dashboards: Dune Dashboard

incident Summary A vulnerability in both versions of the MigrateTroveZap (mkUSD and ULTRA) contract of Prisma Finance led to a loss of 3,479.24 ETH, or approximately $12 million USD. In response, the Prisma Finance emergency multi-sig has paused the protocol's operations. The vulnerable contract is a special-purpose contract designed to migrate user positions from one trove manager to another. The vulnerability affects Prisma Trove owners who approved this contract to manage their Trove's position via setDelegateApproval(MigrateTroveZap, True) on the BorrowerOperations contract. The issue occurred when an exploiter made a transaction that, with a lack of input validation in the onFlashloan function, allowed the exploiter to manipulate the contract's behavior and take a portion of a Trove owner's collateral. As a result, the exploiter was able to close a Trove owners Trove, withdraw the collateral (wstETH), and reopen the Trove with the same debt (mkUSD) but less collateral, taking the difference. A thorough investigation is conducted to identify the root cause and implement necessary fixes.

prisma_11052024_Renzo-ezETH Useful Links Website: renzoprotocol.com Documentation: docs.renzoprotocol.com Social: twitter.com/RenzoProtocol Contracts: ezETH | Restake Manager Markets: Balancer (ezETH/WETH ETH, ezETH/WETH ARB, weETH/ezETH/rswETH) | Curve (ezETH/WETH) | UniswapV3 (ezETH/WETH) Dashboards: RenzoProtocol Dune Dashboard | maybeYonas Dune Dashboard

prisma_17052024_Stader-ETHx_v2 Update No: 1 Referenced Report: Collateral Risk Assessment - Stader ETHx The following addendum references the PrismaRisk assessment of ETHx published on December 12, 2023. This update report seeks to present the latest insights and developments from the initial risk assessment of ETHx as of May 1, 2024. The addendum serves to offer additional context, analysis, and updates that have emerged since Dec 12, 2023. References to the initial report will be made throughout. Our review will follow the same format set out in the initial report. Sections and subsections that saw relevant changes are presented.

prisma_19042024_mantle-protocol-mETH Useful Links Website: mantle.xyz/meth Documentation: gitbook.io Social: twitter.com/0xMantle Contracts: docs.mantle.xyz/meth Markets: ByBit (mETH/ETH, mETH/USDT) | Agni Finance (mETH/WETH) | FusionX V3 (mETH/ETH) | Butter.xyz (mETH/WETH) Dashboards: meth.mantle.xyz/stats | Mantle Treasury

A historical evaluation of the Chainlink integration vs an alternative Curve pool EMA Oracle, and implications for the Prisma protocol. prisma_20240321_alternative-prisma-oracles_less-than-1mb Introduction This study stems from the challenge of obtaining reliable on-chain price feeds that are both maximally secure and reflective of the current spot price for the target asset. In particular, we focus our attention on Prisma Finance's collateral assets (wstETH, rETH, cbETH, and sfrxETH) and on Ethereum-based Liquid Staking Derivatives (LSDs) generally. Some of these assets lack Chainlink data feeds, commonly considered the gold standard for reliable price data, impacting their integration with the Prisma platform. The latest Curve Finance stable pool implementations include an internal pool Oracle that computes an Exponential Moving Average (EMA) to derive manipulation-resistant price data. The Oracle is primarily used for securing collateral in Curve's own crvUSD markets, although integrators are beginning to explore using the Oracle in other DeFi applications. The main goal of this report is to determine if Curve Finance's Oracle can be a reliable alternative to Chainlink for ETH LSD tokens. This study involves statistical analysis on the effectiveness of Curve's price Oracle, comparing its volatility, accuracy, and overall performance relative to a Uniswap reference spot price, which is assumed to be the accurate price on-chain.

prisma_20240208_redstone-oracle (2) A comprehensive review to determine the Oracle provider's suitability for onboarding to Prisma Useful Links Website: redstone.finance | Warp (Arweave SDK) Documentation: RedStone Docs | API Docs | GitHub Social: Blog | Medium | Twitter Contracts: EVM Connector Dashboards: Dune Dashboard

Useful links: Website: WBETH | BETH Documentation: FAQ Social: Twitter Contracts: (Ethereum)WBETH | (Ethereum) ExchangeRateUpdater | (BNB) WBETH Markets: Binance WBETH/ETH | Curve WBETH/ETH | Balancer WBETH/wstETH | PancakeSwapv3 WBETH/WETH Dashboards: WBETH Dune Dash | WBETH DexGuru Ethereum and BSC This report is part of a series on liquid staking derivative collateral risk assessments conducted by the Prisma independent risk and research team operated by Llama Risk. In this report, we examine Binance's Wrapped Beacon ETH (WBETH).

Website: coinbase.com/cbeth Documentation cbETH white paper | GitHub | Token Design | Audit | Pricing and Fee Disclosures | User Agreement | API Public Sandbox Social: Twitter Contracts: cbETH | ExchangeRateUpdater | MintForwarder Governance: Investor Relations Markets: Coinbase | UniV3 cbETH/ETH | Bal cbETH/wstETH | Bal cbETH/Boosted Aave v3 WETH | Curve cbETH/ETH Dashboards: Dune: cbETH | Dune: Staking as a Service | DeFiLlama: cbETH Introduction This report is conducted by the Prisma independent risk and research team operated by Llama Risk as part of a series on LSD collateral risk assessments. In this report, we examine Coinbase's cbETH.

Useful Links Website: lido.fi Documentation: docs.lido.fi | Audits | GitHub Social: Twitter | Blog | Telegram | YouTube Contracts: stETH | wstETH | LDO | Staking Router Governance: Research Forum | Aragon | Snapshot | Easytrack Markets: Curve stETH/ETH | Balancer wstETH/WETH Dashboards: DeFiLlama | Rated (validators) | Dune Dash Catalogue | Scorecard This report is conducted by the Prisma independent risk and research team operated by Llama Risk as part of a series on LSD collateral risk assessments. In this report, we examine Lido's wrapped stETH (wstETH).

Website: Rocketpool Documentation: Documentation | Github Social: Twitter | Discord Contracts: rETH | Deposit Contract | Storage Contract | Full List Governance: Forum | Snapshot | DAO Markets: Curve rETH/ETH | Curve rETH/frxETH | Curve rETH/stETH | Uni V3 rETH/WETH 0.05% | Uni V3 rETH/WETH 0.1% Dashboards: Dune rETH Premium | Dune rETH vs stETH | Rocketscan | rETH, Nodes, and RPL | RPL Incentives Introduction This report is conducted by the Prisma independent risk and research team operated by Llama Risk as part of a series on LSD collateral risk assessments. In this report, we examine Rocketpools's rETH.

Useful Links: Website: https://app.frax.finance Documentation: frxETH Docs | Frax Blog Social: Frax Telegram | Frax Telegram Announcements | Twitter Contracts: frxETH | sfrxETH | frxETHMinter | frxETH Treasury multisig Governance: Discussion | Snapshot Markets: Curve frxETH/ETH | UniV3 frxETH/FRAX Dashboards: Frax Facts | frxETH Community Dune This report is conducted by the Prisma independent risk and research team operated by Llama Risk as part of a series on LSD collateral risk assessments. In this report, we examine Staked Frax ETH (sfrxETH).