Velocore: Reviewing the contract to find another vulnerability and taking white hat action
On June 28th, Velocore said on the social platform that after the recent exploit incident, in order to prevent further losses, most of Velocore's functions were disabled, and only the withdrawal function was retained. Since the front-end exchange could not correct the imbalance of the stable pool and the off-anchor pool through arbitrage, additional losses were caused by LP.
On the Linea chain, since the administrator rights of the Diamond Proxy contract have been revoked, we can only change the exchange rate to zero, without being able to make a fundamental update. This requires us to prevent further potential damage and provide a uniform withdrawal method for all users. After re-checking the contract, we discovered another vulnerability that could lead to the theft of all assets. To mitigate this risk, we conducted a White Hat operation to securely deposit assets in a separate Safe vault. Affected LPs can now claim funds based on the LP snapshot of the relevant block.