
Audit of USPD’s Multi-Stabilizer Protocol

Security

September 3, 2025

The Challenge: Aggregated Collateral, Distributed Risk

In the stablecoin landscape, Permissionless Technologies set out to tackle a long-standing problem: how to maintain solvency and transparency in an over-collateralized system without relying on a single collateral provider. Their solution, the USPD protocol, introduced a new stablecoin (cUSPD) backed by aggregated collateral from multiple independent stabilizers.

But this innovation came with serious security challenges:

  • Collateral Accounting Risks: Aggregating collateral from multiple actors introduced new complexity in ensuring accurate tracking and maintaining over-collateralization
  • Liquidation Reliability: The protocol’s automated liquidation mechanism had to consistently enforce solvency across diverse, NFT-based collateral positions
  • Oracle Dependency: Accurate pricing was essential, with the protocol relying on dynamic oracle inputs from Chainlink, Uniswap, and Morpho
  • Access Control Weaknesses: Misconfigured permissions could allow attackers to bypass safeguards or manipulate protocol logic

To protect user funds and preserve trust, the system required a deep security review ahead of mainnet deployment.

Our Process: Rigorous Audit for Multi-Party Stability

When Permissionless Technologies engaged Nethermind Security, they needed more than a surface-level check. The protocol’s novel architecture, combining NFT-based positions, dynamic pricing, and decentralized collateral aggregation, demanded a meticulous, protocol-wide review.

Over a two-week period, we conducted a full audit of the USPD codebase, which included:

  • Collateral Logic Review: We assessed the aggregation mechanism for edge cases that could break the over-collateralization guarantee
  • Liquidation Path Testing: We analyzed the automated liquidation mechanism to ensure accurate and timely enforcement
  • Oracle Pricing Integration Checks: We examined how pricing feeds from Chainlink, Uniswap, and Morpho impacted collateral valuations
  • Access Control Analysis: We reviewed all privilege boundaries to prevent unauthorized control or manipulation
  • Remediation Support: We worked closely with the client via Telegram and sync calls, and conducted an additional code review post-fix

Our Findings

Our audit surfaced several critical vulnerabilities that, if left unaddressed, could have compromised the protocol:

  • Collateral Manipulation Risks: We identified flaws in how collateral positions were accounted for and tracked, which could have allowed users to escape liquidation or misreport backing ratios.
  • Pricing Logic Gaps: The integration of multiple oracle sources introduced potential inconsistencies and room for manipulation, especially when fallback mechanisms were triggered or data discrepancies arose.
  • Denial of Service Vectors: Weaknesses in the liquidation path could have allowed attackers to disrupt the system and prevent liquidation entirely, endangering the solvency of cUSPD.
  • Access Control Issues: We found several access control misconfigurations that, if exploited, could have let an attacker bypass protocol safeguards or trigger functions without authorization.

The Outcome: A Stronger, Safer Stablecoin Launch

Our audit led to the identification and resolution of:

  • 3 critical vulnerabilities
  • 3 high severity issues
  • 2 medium severity issues
  • Several additional low-severity findings

The USPD team acted quickly to implement fixes across the board. As a result:

  • The protocol launched with improved safety and resilience
  • Key logic paths were hardened against manipulation and abuse
  • Critical infrastructure was secured ahead of user adoption

Results: Measurable Security Gains

The audit directly contributed to:

  • Remediation of vulnerabilities across pricing, access, and liquidation logic
  • Greater confidence in cUSPD’s stability and solvency guarantees
  • A strong foundation for future multi-chain deployments

Why This Work Matters

As more protocols explore multi-party collateral models and NFT-based financial primitives, the USPD audit showcases what it takes to secure them:

  • Systemic Safety: Our work reinforced the solvency and transparency model across independent stabilizers
  • Automation with Safeguards: We ensured that liquidation and pricing logic worked reliably under adversarial conditions
  • Innovation with Confidence: We helped Permissionless Technologies bring a novel design to market without compromising on user protection

As DeFi systems scale in complexity, stablecoins must be as secure as they are innovative. Our collaboration with the USPD team helps move the ecosystem toward that reality.

Nethermind Security
