What Happened

Loopscale — 2025 Backtest

$5.8M | Smart Contract Exploit | May 7, 2025

Attacker exploited a vulnerability in the RateX PT collateral oracle to manipulate the price of principal tokens used as collateral. By transiently inflating the oracle-reported PT collateral value, the attacker borrowed against phantom collateral value, draining lender pools of approximately $5.8M. The vulnerability was in the unaudited RateX collateral integration — the exact component that OShield had excluded from its audit scope.

What Hindenrank Would Have Said

As of April 1, 2025

C-
Risk Score: 57/100

Loopscale rates D+ as of April 2025. The RateX PT collateral oracle gap represents a critical architectural risk that went unreviewed at public launch. Fixed-rate lending against principal tokens is a genuinely novel mechanism with no audited DeFi precedent — exactly the type of innovation that carries elevated pre-audit risk. The combination of a novel collateral type, AMM-derived pricing, and a known audit gap justifies a D+ grade and extreme caution.

Mechanism Novelty: 13/15
Interaction Severity: 15/20
Oracle Surface: 10/10
Documentation Quality: 7/10
Track Record: 2/15
Scale Exposure: 0/10
Regulatory Risk: 4/10
Protocol Vitality: 6/10

Grade Predicted This Failure

Flagged by dimensions: Mechanism Novelty, Interaction Severity, Oracle Surface, Documentation Quality

One or more collapse scenarios directly matched the actual failure mode.

Top Risks Identified

  1. Unaudited RateX PT (principal token) collateral integration added to production March 27, 2025 — OShield audit covered core contracts but NOT the RateX collateral oracle logic
  2. PT token pricing relies on RateX internal AMM state rather than external price feeds — novel oracle attack surface with no DeFi-wide precedent for this collateral type
  3. Protocol in closed beta until April 10, 2025 — extremely limited public production testing despite $40M TVL cap at launch
  4. OShield audit (Feb 2025) identified 3 Critical oracle-related findings in the core vault; RateX collateral module was out of scope
  5. Formerly known as Bridgesplit — pivot from Solana NFT lending to Solana yield-bearing collateral lending introduces significant architecture transformation risk

Collapse Scenarios

RateX PT Oracle Manipulation Attack

Elevated
Trigger

Attacker identifies that PT collateral oracle derives price from RateX AMM pool state and executes a manipulation attack within a single Solana transaction to borrow against inflated collateral.

Cascade
  1. Attacker funds large position to manipulate the RateX PT/underlying AMM pool, transiently shifting the implied PT price. Loopscale's PT oracle reads the manipulated pool state and reports inflated collateral value for all PT-backed positions.
  2. Attacker opens a borrow position against PT collateral at the inflated oracle price, borrowing USDC or SOL far exceeding the PT's true value. Protocol extends credit against phantom collateral value; loan is structurally undercollateralized from inception.
  3. Pool price reverts to fair value; attacker's PT collateral is now worth a fraction of the outstanding loan. Loopscale lender pools face bad debt equal to the gap between manipulated borrow value and true collateral value.
  4. Attack repeats across multiple PT collateral markets before team can pause protocol. Lender pools drained; Solana DeFi confidence dented; Loopscale forced to pause; equity holders face total loss.

Historical Precedent

EraLend (July 2023) exploited a similar oracle-state manipulation in an accumulator-based lending protocol. Platypus Finance (Feb 2023, $8.5M) used AMM pool manipulation to exploit collateral calculations. The specific PT oracle vector is novel but the attack class is established.
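A defender-side model of the cascade above, added here as an illustration and not Loopscale or RateX code: it contrasts a collateral check that trusts the pool's instantaneous price with one that rejects a spot price far from a time-weighted average. The constant-product curve, the 2% deviation bound, all names and all numbers are assumptions; the page does not say which curve RateX uses or which mitigation Loopscale adopted.

```python
# Added illustration: constructed numbers, hypothetical names; not Loopscale/RateX code.
from dataclasses import dataclass

@dataclass
class Pool:
    """Constant-product PT/underlying pool (assumed curve: pt * underlying = k)."""
    pt: float
    underlying: float

    def spot(self):
        return self.underlying / self.pt  # underlying per PT implied by reserves

    def swap_underlying_in(self, amount):
        """Sell `amount` of underlying into the pool; returns the PT paid out."""
        k = self.pt * self.underlying
        self.underlying += amount
        pt_out = self.pt - k / self.underlying
        self.pt -= pt_out
        return pt_out

def twap(samples):
    """Time-weighted average over (price, seconds_held) samples."""
    total = sum(seconds for _, seconds in samples)
    return sum(price * seconds for price, seconds in samples) / total

def max_borrow_naive(pool, pt_collateral, ltv):
    """Weak pattern: collateral valued at the pool's instantaneous price."""
    return pt_collateral * pool.spot() * ltv

def max_borrow_guarded(pool, pt_collateral, ltv, history, max_dev=0.02):
    """Hardened pattern: refuse to price when spot diverges from the TWAP."""
    reference = twap(history)
    spot = pool.spot()
    if abs(spot - reference) / reference > max_dev:
        raise ValueError(f"oracle deviation {spot / reference - 1:+.1%} exceeds bound")
    return pt_collateral * min(spot, reference) * ltv

def run_scenario():
    """Borrow limit for 100,000 PT before and after one large swap in the pool."""
    pool = Pool(pt=1_000_000.0, underlying=950_000.0)    # fair price 0.95
    history = [(0.95, 600), (0.951, 600), (0.949, 600)]  # constructed samples
    before = max_borrow_naive(pool, 100_000, ltv=0.8)
    pool.swap_underlying_in(950_000.0)                   # transient reserve shift
    after = max_borrow_naive(pool, 100_000, ltv=0.8)
    try:
        guarded = max_borrow_guarded(pool, 100_000, 0.8, history)
    except ValueError as exc:
        guarded = f"rejected: {exc}"
    return before, after, guarded
```

With these constructed reserves the naive limit quadruples after the swap while the guarded check refuses to price the collateral at all.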

Audit Gap Exploitation at Public Launch

Elevated
Trigger

Protocol transitions from closed beta to public on April 10, 2025 with known audit gap in RateX collateral module. Attacker who has been monitoring the closed-beta contracts exploits the unaudited component immediately at or after public launch.

Cascade
  1. Attacker monitors Loopscale contracts during closed beta period; identifies RateX collateral oracle contract is not yet audited. Attacker prepares exploit targeting the unaudited PT oracle implementation.
  2. Protocol opens to public on April 10, 2025; lender TVL increases rapidly as new users deposit. Attacker waits for sufficient lender pool TVL to maximize exploit proceeds.
  3. Attacker executes the prepared exploit against the unaudited RateX collateral oracle. Lender pool funds drained; protocol pauses; Sec3 audit (still in-progress at cutoff) arrives too late.

Historical Precedent

Multiple DeFi protocols have been exploited immediately after public launch when audits were pending or incomplete. The combination of 'closed beta → public launch' transition with a known audit gap creates a predictable attack window.
