$6 800 000 USD

JUNE 2024

GLOBAL

VELOCORE

DESCRIPTION OF EVENTS

"As the zkSync era is still in its early stages, major protocols may receive incentives or airdrops during the TGE. ZkSync is an even bigger project than Arbitrum, and we're eager to give back to our early supporters. Let's build the ecosystem in the zkSync era together!"

 

"Drawing inspiration from Andre Cronje's Solidly, Velocore adopts an innovative perspective on the voting-escrow paradigm. The core of Velocore integrates an exponential decay mechanism, guaranteeing a resilient token model for the foreseeable future. The VC framework prioritizes rewarding long-term proponents and harmonizes stakeholder interests by encouraging fee generation."

 

"Embrace the future of DeFi with Velocore by participating in the launchpad for the cutting-edge DeFi protocol in zkSync Mainnet Era" "At Velocore, we empower visionaries like you to fuel groundbreaking innovations and create limitless opportunities."

 

"The velo in Velocore proved too fast and furious, as the L2 DEX lost over $6.8 million in a devastating exploit on June 2nd across its pools on Linea and zkSync."

 

"The primary cause of the incident was faulty logic within the ‘velocore__execute()’ function of the ConstantProductPool. When a user makes a swap on Velocore, the Vault contract makes an external call to this function to calculate the result of the swap."

 

"The flurry of transactions started with the attacker directly invoking velocore__execute() to simulate huge withdrawals and jack up the feeMultiplier. With that jacked-up multiplier inflating effectiveFee1e9 past 100%, the villain executed a flash loan to scoop up most of the tokens and contract the pool.

 

Finally, a small single-token withdrawal minted an egregiously large amount of liquidity tokens due to an underflow error, allowing the drainer to easily repay the flash loan and skip town with $6.8 million in ETH.

 

According to an analysis of the incident from Beosin, the LP Pool lacks permission verification. The attacker directly invoked the velocore__execute function (0xec378808) of the LP contract with a carefully constructed parameter to manipulate the feeMultiplier parameter of the contract."

 

Most sources report the loss as $10m. The Velocore postmortem approximates it at $6.8 million in ETH.

 

"The hack led the Linea team to halt block production, which has since resumed."

 

"Velocore has offered a 10% bug bounty to the hacker, who has yet to respond."

 

"We received a critical security alert from Cyvers after the first Linea exploit. Since we revoked our admin rights from the vault last year, we couldn’t upgrade the proxy to completely block transactions. Instead, we implemented a semi-pause function by setting the fee to the maximum, which would interrupt swaps while allowing withdrawals in case of an emergency. However, in this case, the proper mitigation was to set the fee to 0%, not to max. Unfortunately, we realized this only after reverse-engineering the transactions, and by then, it was too late.

 

To mitigate the issue and prevent further damage, we have set the fee to 0 for all pools. Consequently, the ‘effectiveFee1e9’ value will always be 0, effectively disabling the vulnerability described above. This measure ensures that the exploit cannot be leveraged anymore."
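The failure chain described above, as an added example. It is a simplified Python model, not Velocore's contract code. `velocore__execute`, `feeMultiplier` and `effectiveFee1e9` come from the quoted reports; the `Pool` class, the multiplier growth rule and the fee formula are assumptions made for illustration.

```python
# Simplified model of the flaw described above. Constructed for illustration;
# this is not Velocore's contract code.
ONE = 10**9        # fees are scaled by 1e9, so ONE means 100%
UINT256 = 2**256   # EVM word size, used to mimic unchecked arithmetic


class Unauthorized(Exception):
    pass


class Pool:
    def __init__(self, vault, fee1e9, hardened):
        self.vault, self.fee1e9, self.hardened = vault, fee1e9, hardened
        self.fee_multiplier = ONE  # 1.0x, stands in for feeMultiplier

    def execute(self, caller, withdrawn_fraction_1e9, amount):
        """Stand-in for velocore__execute(): returns `amount` after the fee."""
        if self.hardened and caller != self.vault:
            raise Unauthorized("only the Vault may call the pool")
        # Assumption: a withdrawal of fraction f scales the multiplier by 1/(1-f).
        multiplier = self.fee_multiplier * ONE // (ONE - withdrawn_fraction_1e9)
        # Assumption: effectiveFee1e9 = fee1e9 * feeMultiplier / 1e9.
        effective_fee = self.fee1e9 * multiplier // ONE
        if self.hardened and effective_fee >= ONE:
            raise ValueError("effective fee must stay below 100%")
        self.fee_multiplier = multiplier  # commit state only after the checks
        # Unchecked uint256 subtraction: wraps around when effective_fee > ONE.
        keep = (ONE - effective_fee) % UINT256
        return amount * keep // ONE


def demo():
    fraction = 999_000_000  # simulated withdrawal of 99.9% of the pool
    results = {}
    results["vulnerable"] = Pool("vault", 3_000_000, False).execute("anyone", fraction, 1_000)
    results["fee_zero"] = Pool("vault", 0, False).execute("anyone", fraction, 1_000)
    try:
        Pool("vault", 3_000_000, True).execute("anyone", fraction, 1_000)
    except Unauthorized:
        results["hardened"] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

With a base fee of 0 the effective fee stays 0 whatever the multiplier, which is why the zero-fee setting closes the path. Under the assumed formula, a higher base fee only lowers the multiplier needed to cross 100%.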

 

"In light of the recent incident impacting our protocol, Velocore is committed to taking comprehensive measures to resolve the situation and ensure the security and trust of our users. We are actively investigating to track down hackers while trying the on-chain negotiation, having requested cooperation from various protocols and central exchanges to investigate the attacker’s activities. We are also in close communication with our security partners and foundations. Based on the results of these investigations and our collaboration with partners, we will continuously adjust our future plans. For those affected, we have taken a snapshot of the blockchain state prior to the incident. Once operations resume, we will implement an appropriate compensation plan to address the losses incurred to our users. We understand the importance of transparency and fairness in these times and are dedicated to providing clear and effective solutions. Our goal is not only to resolve this issue but also to enhance the protocol’s security measures, rebuild trust, and minimize the damage."

 

Explore This Case Further On Our Wiki

Velocore offers a complex layer 2 solution, which includes decentralized exchanges between different token pairs. A vulnerability in the liquidity pools backing the swaps allowed an attacker to execute swaps and increase the fee beyond 100%. Once the fee was beyond 100%, a flash loan allowed the attacker to scoop up most of the tokens and contract the pool. The attacker was offered a 10% bounty. They have a chance to remain anonymous, as they both sent and received funds via Tornado Cash.
