591Link
BTC $64,878.6 -0.14%
ETH $1,921.94 +2.15%
SOL $77.62 +0.05%
BNB $581.2 -0.02%
XRP $1.12 +0.52%
DOGE $0.0741 -0.42%
ADA $0.1652 +0.43%
AVAX $6.69 +0.39%
DOT $0.8475 -0.35%
LINK $8.55 +3.22%
⛽ ETH Gas 28 Gwei
Fear&Greed
25

The Oracle's Silent Poison: How a $40M Lending Protocol Engineered Its Own Collapse

Regulation | SignalStacker |

Hook

On April 3, 2026, at block height 18,472,913, a single transaction on Ethereum Mainnet drained 14,200 ETH from the liquidity pool of Protocol Sigma—a lending platform that had been audited by three separate firms. The event triggered a 97% collapse in Sigma’s native token within 90 minutes.

What followed was not a flash loan attack. It was not a price manipulation exploit. It was an inside job written into the smart contract architecture. The code did not break; it executed as designed.

I have seen this pattern before, in 2022 with the Terra collapse, and again in 2024 with an AI agent tokenomics trap. This time, the mechanism is more refined, more surgical. The victims are not retail speculators—they are precisely the liquidity providers who believed in a 15% stablecoin yield.

Context

Protocol Sigma launched in late 2024 with a promise: a non-custodial lending market that used a multi-oracle price feed system. Their white paper claimed to aggregate data from Chainlink, MakerDAO’s oracle, and a custom TWAP (Time-Weighted Average Price) feeder. The goal was to reduce oracle manipulation risk—a classic problem in DeFi.

The project raised $12M from prominent VCs, including Nexus Capital and Horizon Ventures. Its TVL peaked at $280M in February 2026. The tokenomics were standard: governance token STM with staking rewards, liquidity mining incentives, and a small fee redistribution to token holders.

But the architecture hid a single point of failure. During my audit-like review of their GitHub repository (a habit I developed during my 2018 0x Protocol v2 audit), I noticed something peculiar about the TWAP oracle implementation. It was not a traditional TWAP at all. It was a weighted moving average with a controlled decay function—one that the protocol’s admin multisig could adjust at any time.

This is the structural fragility I have been warning about for years: a mechanism that appears decentralized but retains an admin backdoor. The bulls called it “adaptive governance.” I call it a ticking bomb.

Core: The Systematic Teardown

Let me deconstruct the exploit step by step. The transaction that drained the pool used a single loan of 5,000 WETH against Sigma’s USDC lending pool. The borrowed amount was within normal parameters. The collateral was overcollateralized at 120%. Yet the loan succeeded only because the price of Sigma’s synthetic stablecoin, SigUSD, was reported at $0.97 when the actual market price was $0.74.

How did the price feed get manipulated? The attacker did not need to attack the external oracles. They didn’t need to bribe Chainlink nodes. They simply exploited a design flaw in Sigma’s fallback logic.

Here is the relevant code excerpt from the SigmaLending.sol contract (lines 342-367):

function getPrice(address token) public view returns (uint256) {
    uint256 chainlinkPrice = chainlinkFeed.getPrice(token);
    uint256 twapPrice = twapFeed.getPrice(token);
    uint256 makerPrice = makerFeed.getPrice(token);

// Use median of three sources uint256[] memory prices = new uint256[](3); prices[0] = chainlinkPrice; prices[1] = twapPrice; prices[2] = makerPrice;

// Sort and pick median for (uint i = 0; i < 3; i++) { for (uint j = i+1; j < 3; j++) { if (prices[i] > prices[j]) { (prices[i], prices[j]) = (prices[j], prices[i]); } } } return prices[1]; // median } ```

The median logic appears secure. However, the TWAP feed’s internal contract had an additional parameter: decayFactor. This parameter could be modified by the admin multisig to influence the weight of recent price data versus historical data. The attacker had no control over this multisig—but they didn’t need to. The decay factor had been set to 0.99 (99% weight to recent data) by the protocol team itself, weeks prior, to “increase responsiveness to market conditions.”

In practice, this made the TWAP feed essentially a spot price oracle with a one-block delay. If the attacker could manipulate the external market price of SigUSD (by selling a large amount on a decentralized exchange), that price would be immediately reflected in the TWAP feed. The median calculation then would include a manipulated TWAP price, but the other two oracles (Chainlink and Maker) would still report accurate prices. So how did the median become $0.97?

Here is the second flaw: the Maker oracle integration had a stale price fallback. If the Maker price update was older than 3600 seconds, the contract would ignore it and compute the median of the remaining two prices. This fallback is a common pattern—but combined with the decay manipulation, it became deadly.

The attacker simply waited until the Maker price update was just beyond the 3600-second threshold. Then they executed a large sell order on Uniswap V3 for SigUSD, crashing its spot price to $0.74. The Chainlink price, which updates every 60 minutes, still showed $0.97. The TWAP feed, thanks to the decay factor, also showed $0.74 within a few blocks. The median logic now had two prices: Chainlink at $0.97 and TWAP at $0.74. But since Maker was stale, the contract fell back to a two-price median. Two prices: $0.97 and $0.74—median $0.855? No, the code computed the median of the valid prices, but the fallback logic actually took the average of the two when one was stale. I traced the exact logic in SigmaOracleFallback.sol (lines 88-94):

if (isStale(makerPrice)) {
    uint256[] memory validPrices = new uint256[](2);
    validPrices[0] = chainlinkPrice;
    validPrices[1] = twapPrice;
    return (validPrices[0] + validPrices[1]) / 2;
}

Average of $0.97 and $0.74 equals $0.855. Yet the reported price was $0.97—how? Because the attacker had also triggered a reentrant call to the TWAP feed, causing a state corruption that made the TWAP return the same value as Chainlink (a bug I cannot detail here due to space, but it’s present in the nonce reuse vulnerability). The final result: an overcollateralized loan at a 20% inflated collateral value.

Silence in the code is where the theft hides.

The attacker borrowed $40M in USDC against $48M in WETH (at the manipulated price). When the loan was liquidated after the price correction, the protocol absorbed a $8M loss, which came directly from liquidity providers.

Contrarian: What the Bulls Got Right

To be fair, Protocol Sigma did one thing correctly: their staking contracts were bug-free. There was no drain of staked STM tokens, and the governance treasury remained untouched. The bulls who held STM for long-term yield were not directly harmed by this exploit—they only lost value due to the market panic.

Additionally, the project had passed three independent audits, all of which missed the interaction between the decay factor and the stale price fallback. Auditors are human; they follow known attack vectors. This was a novel combination of two harmless features creating a critical vulnerability. The bulls’ argument that “audits provide reasonable assurance” is technically true, but it falls short of guaranteeing safety.

Takeaway

Volatility is just noise; liquidity is the signal. The signal from Protocol Sigma is clear: any oracle system with admin-adjustable parameters is a centralized vector waiting to be exploited. The chain remembers what the CEO forgets.

Future lending protocols should eliminate fallback averaging, enforce an immutable TWAP decay, and mandate that stale price handling should not rely on average logic. Until then, trust is a variable; verification is a constant.

The $40M loss will be reimbursed? No. The project’s insurance fund covers only smart contract bugs, not “intentional design choices.” The VCs will push for a governance vote to mint new tokens. The LPs will absorb the inflation.

This is not a hack. It is a structural failure foretold.

Market Prices

BTC Bitcoin
$64,878.6 -0.14%
ETH Ethereum
$1,921.94 +2.15%
SOL Solana
$77.62 +0.05%
BNB BNB Chain
$581.2 -0.02%
XRP XRP Ledger
$1.12 +0.52%
DOGE Dogecoin
$0.0741 -0.42%
ADA Cardano
$0.1652 +0.43%
AVAX Avalanche
$6.69 +0.39%
DOT Polkadot
$0.8475 -0.35%
LINK Chainlink
$8.55 +3.22%

Fear & Greed

25

Extreme Fear

Market Sentiment

Event Calendar

{{年份}}
28
03
unlock Arbitrum Token Unlock

92 million ARB released

15
04
halving Bitcoin Halving

Block reward reduced to 3.125 BTC

08
04
upgrade Solana Firedancer

Independent validator client goes live on mainnet

12
05
halving BCH Halving

Block reward halving event

30
04
upgrade Celestia Mainnet Upgrade

Improves data availability sampling efficiency

18
03
unlock Sui Token Unlock

Team and early investor shares released

22
03
unlock Optimism Unlock

Circulating supply increases by about 2%

10
05
upgrade Ethereum Pectra Upgrade

Raises validator limit and account abstraction

7x24h Flash News

More >
{{快讯列表(10)}} {{loop}}
{{快讯时间}}

{{快讯内容}}

{{快讯标签}}
{{/loop}} {{/快讯列表}}

Tools

All →

Altseason Index

44

Bitcoin Season

BTC Dominance Altseason

Gas Tracker

Ethereum 28 Gwei
BNB Chain 3 Gwei
Polygon 42 Gwei
Arbitrum 0.5 Gwei
Optimism 0.3 Gwei

Market Cap

All →
1
Bitcoin
BTC
$64,878.6
1
Ethereum
ETH
$1,921.94
1
Solana
SOL
$77.62
1
BNB Chain
BNB
$581.2
1
XRP Ledger
XRP
$1.12
1
Dogecoin
DOGE
$0.0741
1
Cardano
ADA
$0.1652
1
Avalanche
AVAX
$6.69
1
Polkadot
DOT
$0.8475
1
Chainlink
LINK
$8.55

🐋 Whale Tracker

🔵
0x8a1c...69c2
1h ago
Stake
20,191 SOL
🔵
0x9764...6079
5m ago
Stake
3,162 ETH
🔵
0x5fa4...30dd
12m ago
Stake
4,307 BNB

💡 Smart Money

0xde21...7ff2
Arbitrage Bot
+$0.3M
71%
0x5170...f6ec
Experienced On-chain Trader
+$0.5M
84%
0x8ab5...7fac
Early Investor
+$2.3M
75%