Following the recent exploit, we disabled all functions within Velocore except withdrawals to prevent potential additional damage. However, this has caused confusion among users who haven’t been keeping up with recent events, as they’re unaware of the extent of the damage (only part of the volatile pools were exploited, while others remained intact). Also, stable pool composition ratio imbalances and depegged pools were causing additional losses for LPs, as frontend swaps couldn’t correct these issues through arbitrage.
Additionally, on Linea, where Diamond Proxy contract’s admin rights have been revoked, we can only change the swap fee to zero without implementing fundamental updates. This situation necessitated preventing further potential damage and providing a unified withdrawal method for all users.
After a comprehensive re-examination of the contract, Bladeswap team discovered another vulnerability that could allow for the theft of total assets. We opted for a white-hat operation to mitigate risk and respond quickly, as the vulnerability would persist during the timelock period if we chose to fix it. We’ve secured the assets in a separate Safe vault and will allow the affected LPs to claim their funds.
All assets in the Vault have been withdrawn and sent to the following Safe addresses on both chains. Users will be able to claim their funds according to the LP snapshot at the relevant block:
The Telos chain, fortunately, can be updated without waiting for timelock and wasn’t exploited before, so the vulnerability has already been patched. We deeply thank the Bladeswap team from Blast for patching and quickly sharing the vulnerability information.
Naturally, the assets held through this whitehat operation will be returned 1:1 to the corresponding owners and are unrelated to overall LP compensation. We’re currently working on getting an accurate snapshot and updating the feature to claim based on it, and we’ll make an announcement when we have an update.
Regarding compensation for former exploit LP victims, this will be decided later through a community vote on reboot or liquidation. We’ll consolidate all remaining assets into a single treasury for collective decision-making.