How Does Prisma Finance Work?

Stablecoin | Risk C+ | 7 mechanisms | 6 interactions

A stablecoin protocol where you deposit liquid staking tokens (like stETH) and borrow mkUSD against them. It holds $50M in deposits. Its C grade is driven by a $12M hack in March 2024 where attackers exploited a migration tool, plus the persistent problem of mkUSD losing its dollar peg when crypto prices rise.

TVL: $50M

Sector: Stablecoin

Risk Grade: C+

Value Grade: C+

Core Mechanisms

CDP/Overcollateralized

Trove-based CDP for minting mkUSD against LST collateral

Based on Liquity architecture: users open Troves, deposit LST collateral, and mint mkUSD stablecoin. Minimum collateralization ratio enforced through liquidation.

Stablecoin/CDP-Backed

mkUSD stablecoin backed by diversified LST basket

mkUSD accepts multiple LST types (wstETH, rETH, cbETH, sfrxETH) as collateral, diversifying backing but creating correlated risk.

Governance/veToken

vePRISMA vote-escrowed token with gauge-directed emissions

Novel veToken model where locked PRISMA directs emissions to specific LST collateral pools, creating competitive incentive dynamics between LST providers.

Liquidation/Stability-Pool

Stability Pool for mkUSD liquidation absorption

mkUSD holders deposit into the Stability Pool to absorb liquidations and receive discounted LST collateral in return. This follows Liquity's Stability Pool pattern.

Integration/Convex-Yearn

Deep integration with Convex and Yearn liquid lockers

Convex and Yearn lock PRISMA tokens to boost rewards and provide liquid locker wrappers, adding composability layers on top of the base protocol.

Migration/Zap

MigrateTroveZap contract for position migration

Zap contract enabling flash-loan-assisted Trove migration between collateral types. It was the vector for the March 2024 exploit due to insufficient input validation.

Fee/Borrowing

One-time borrowing fee plus ongoing interest rate

Borrowers pay an upfront minting fee plus ongoing interest on mkUSD debt, with rates adjustable via governance.

How the Pieces Interact

MigrateTroveZap + Flash loan integration: Critical

Insufficient input validation in the onFlashloan() callback enabled the March 2024 exploit where attackers closed victim Troves, withdrew collateral, and reopened with less collateral, stealing 3,479 ETH ($12M).
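The validation gap described above, as a simplified Python model (an added example, not Prisma's contract code): a flash-loan callback that acts on whatever account its data names, beside a hardened form that requires the zap itself to have initiated the loan and the data to match a request it recorded. The `Zap`, `Trove` and `Lender` classes, the `validate` switch and all values are hypothetical and constructed for illustration.

```python
"""Simplified model of a migration zap's flash-loan callback (illustrative, not Prisma code)."""
from dataclasses import dataclass, field

@dataclass
class Trove:
    collateral: float
    debt: float

@dataclass
class Zap:
    """Hypothetical zap that users have authorised to act on their Troves (assumption)."""
    troves: dict                      # owner -> Trove
    validate: bool = True             # False models the missing input validation
    _pending: set = field(default_factory=set)

    def migrate(self, caller, new_collateral, lender):
        # Intended entry point: the request is bound to the caller before the loan starts.
        self._pending.add((caller, new_collateral))
        lender.flash_loan(initiator=self, receiver=self, data=(caller, new_collateral))

    def on_flash_loan(self, initiator, data):
        account, new_collateral = data
        if self.validate:
            # 1. The loan must have been started by this zap, not by a third party.
            if initiator is not self:
                raise PermissionError("untrusted initiator")
            # 2. The decoded parameters must match a request the zap itself recorded.
            if data not in self._pending:
                raise PermissionError("callback data not bound to a request")
        self._pending.discard(data)
        old = self.troves[account]
        # Close and reopen the Trove with the collateral amount taken from `data`.
        self.troves[account] = Trove(new_collateral, old.debt)
        return old.collateral - new_collateral   # collateral left outside the Trove

class Lender:
    """Constructed flash lender: any caller may name any receiver."""
    def flash_loan(self, initiator, receiver, data):
        return receiver.on_flash_loan(initiator, data)

def third_party_changes_trove(zap, stranger, owner, new_collateral):
    """Return True if a callback not started by the zap altered the owner's Trove."""
    before = zap.troves[owner].collateral
    try:
        Lender().flash_loan(initiator=stranger, receiver=zap, data=(owner, new_collateral))
    except PermissionError:
        pass
    return zap.troves[owner].collateral != before
```
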

Multi-LST collateral + Oracle price feeds: High

Multiple LST oracle feeds create a wider attack surface; a single oracle manipulation could trigger cascading liquidations across all Troves using that LST type.

mkUSD CDP minting + Bull market sell pressure: High

In bull markets, rising collateral values incentivize maximum minting and immediate selling of mkUSD, creating persistent downward peg pressure that can cascade into liquidations if collateral reverses.

vePRISMA gauge voting + LST collateral selection: High

LST providers can bribe vePRISMA holders to direct emissions toward their specific LST, potentially over-concentrating protocol exposure in a single liquid staking provider.

Stability Pool + Liquidation cascade: Medium

If the Stability Pool is depleted during a rapid liquidation cascade, the remaining bad debt is redistributed to other Trove holders, socializing losses across all borrowers.

What Could Go Wrong

  1. Major $12M exploit (March 2024) via MigrateTroveZap input validation failure demonstrates prior security gaps
  2. CDP stablecoins face persistent sell pressure in bull markets as vault owners mint and sell mkUSD
  3. Multi-LST collateral types create correlated depeg risk across all supported liquid staking tokens

Zap Contract Re-Exploit Cascade

Elevated

Trigger: A previously undetected input validation vulnerability in remaining zap or migration contracts is exploited, similar to the March 2024 MigrateTroveZap attack pattern

  1. Attacker discovers unpatched input validation flaw in a zap contract using flash loan interaction. Attacker closes victim Troves and re-opens with reduced collateral, siphoning LST assets.
  2. Multiple Troves drained before the team can pause contracts. Total stolen assets reach $5-15M depending on speed of detection.
  3. Emergency multisig pauses all protocol operations. All Trove interactions frozen; mkUSD holders cannot redeem, borrow, or adjust positions.
  4. mkUSD depegs on secondary markets as redemption is blocked. mkUSD trades at 80-90 cents as traders price in potential haircuts.
  5. Stability Pool depositors face diluted returns as bad debt is socialized. Remaining users absorb losses; trust in the protocol collapses permanently.

Risk Profile at a Glance

  - Mechanism Novelty: 0/15
  - Interaction Severity: 11/20
  - Oracle Surface: 3/10
  - Documentation Gaps: 3/10
  - Track Record: 12/15
  - Scale Exposure: 3/10
  - Regulatory Risk: 4/10
  - Vitality Risk: 3/10

Overall: C+ (39/100)

Lower score = safer
