Velocore Finance Exploit—June 2, 2024—Detailed Analysis

Overview

On June 2, 2024, Velocore, a decentralized exchange (DEX) on the zkSync and Linea blockchains, was hit by a major hack, resulting in a loss of around $7 million in ETH.

The breach originated from weaknesses found within the Balancer-style CPMM pool contract. This breach resulted in over 700 ETH being transferred to the Ethereum mainnet. The attack happened even though Velocore had passed security audits from well-known audit firms.

About Velocore Finance

Velocore operates on zkSync, a Layer-2 protocol that leverages ZK technology to enhance Ethereum scalability. Its goal is to offer users a swift, secure, and efficient platform for asset trading, aiming to reduce transaction fees and slippage while integrating various protocols into the zkSync ecosystem.

Aligned with the zkSync era’s objectives, Velocore seeks to not just enhance Ethereum’s transaction capacity but also to promote broader principles such as freedom, self-sovereignty, and decentralized governance.

Root Cause of the Hack

The issue originated from errors in the logic of the velocore__execute() function within the ConstantProductPool.

This function is invoked by the Vault contract whenever a user initiates a swap on Velocore and is responsible for computing the swap outcome.

In simpler words, the issue or problem originated from errors or mistakes in the way the velocore__execute() function of the ConstantProductPool was designed or implemented.

This specific function is called by the Vault contract every time a user starts a transaction to exchange assets on Velocore. Its primary responsibility is to calculate and determine the result or outcome of these asset swaps. Therefore, any flaws or problems within this function directly affected how trades were processed and completed on Velocore.

Detailed Technical Analysis

Here are the affected addresses connected to this incident:

• All CPMM volatile pools in Linea and zkSyncEra Velocore have been impacted.
• Telos Velocore faced similar vulnerabilities, but they were addressed preemptively to prevent exploitation.

Flawed Fee Rate Calculation Logic

The feeMultiplier is a variable that increments with each withdrawal and resets to 1 at the end of each block cycle. It was implemented to prevent fee evasion through repeated withdrawals and deposits, which could otherwise result in fee-free swaps. This multiplier is instrumental in computing the actual fee, known as effectiveFee1e9.

Two main problems lie within this function:

1. EffectiveFee1e9 Exceeding 100%: The issue here is that in the code, the variable effectiveFee1e9 could potentially exceed 100%. This means that the calculated fee for transactions could be higher than the actual value being transacted, which creates inconsistencies and errors in subsequent calculations or operations.
2. Caller Verification in velocore__execute(): Another problem identified is that the velocore__execute() function did not verify whether the caller of the function was indeed the Vault contract. This oversight made it easier for malicious actors or users to exploit the system. Without proper verification, unauthorized parties could manipulate or execute functions within Velocore that should have been restricted to authorized entities only.

Risk of Underflow in Single-Token Withdrawal

The code enables users to convert LP (liquidity provider) tokens into a single token, essentially facilitating a swap. This process includes applying a fee to the other tokens involved in the transaction.

If effectiveFee1e9 exceeds 100%, the calculation 1e18 – ((1e18 – k) * effectiveFee1e9) / 1e9 may lead to an underflow. This occurs because the fee calculation attempts to subtract more than the available amount, causing unexpected outcomes where tokens are added instead of subtracted.

Following the execution of velocore__execute(), there was no validation process to confirm whether the caller was the Vault contract. This omission introduced a vulnerability that could be exploited, although an attack could still occur even without this specific weakness.

Attack Flow

• The attacker utilized Tornado to acquire funds and subsequently called velocore__execute() directly, simulating substantial withdrawals. This action raised the feeMultiplier, causing effectiveFee1e9 to exceed 100%.
• Using a flash loan, the attacker obtained LP tokens and withdrew a significant portion of the tokens, thereby reducing the pool size.
• The attacker proceeded to initiate a minor single-token withdrawal, resulting in an unusually large number of LP tokens due to an underflow condition, and then repaid the flash loan.

This sequence enabled the attacker to manipulate fee calculations and capitalize on the pool’s vulnerabilities for profit.

Hack Aftermath

Linea responded to the attack by temporarily suspending block production. This decision aimed to concentrate efforts on analyzing the exploit, identifying security vulnerabilities, and preventing additional losses. Velocore’s TVL took a hit after the incident, tanking down to approx. $735K.

Although the suspension briefly disrupted normal network operations, it was deemed essential to safeguard the blockchain’s security and integrity.

Following the incident, Linea reaffirmed its commitment to achieving full decentralization of the network. This strategic goal was emphasized not only in response to the Velocore incident but also as part of the project’s overarching vision for the future.

Mitigation Steps

• Enhance Function Security: Review and enhance the security of critical functions like velocore__execute() to include rigorous input validation and boundary checks and ensure that fee calculations cannot exceed predefined limits.
• Implement Caller Verification: Modify velocore__execute() and other sensitive functions to include a verification step that confirms the caller is authorized, specifically validating that only the Vault contract can execute certain operations.
• Audit and Test Smart Contracts: Regularly audit and test smart contracts using trusted firms to detect vulnerabilities. Implement a comprehensive testing framework that includes unit tests and integration tests to verify the functionality and security of all contract interactions.
• Monitor and Detect Anomalies: Set up real-time monitoring and alert systems to detect anomalies and flawed business logic, such as abnormal fee multiplier increases or unexpected fluctuations in pool sizes. Develop protocols for swift response and intervention upon detection of potential threats.

By implementing these mitigation steps, platforms like Velocore can enhance their resilience against potential hacks and improve overall security posture, fostering greater trust and confidence within the community.

Conclusion

The Velocore incident marked a pivotal juncture for Linea, underscoring the hurdles and vulnerabilities that even sophisticated blockchain networks can encounter. Yet, Linea’s proactive measures— such as temporarily halting block production and reaffirming its decentralization strategy— reflect a resolute dedication to safeguarding the network’s security and integrity.

Looking ahead, achieving full decentralization is poised to enhance Linea’s resilience while bolstering community trust and participation. This incident has the potential to catalyze the development of a more robust and transparent network, better equipped to tackle future challenges decisively.