Zest Protocol Security Update

On 11th April 2024, Zest Protocol experienced an attack that led the team to pause the smart contracts. The attack has been mitigated and user balances are safe.


minute read

April 16, 2024

Tycho Onnasch

Zest Protocol is paused until further notice. User positions will be unaffected until the protocol opens again. More details on the path to opening below.

Security is at the heart of Zest Protocol’s design. Zest Protocol is the first lending market written in the Clarity smart contract language on Stacks. Until the Zest Protocol launch, routine lending operations in Clarity had never been battle tested in a production environment with real assets.

Bringing an innovative product to market requires great attention to detail. The protocol underwent full smart contract audit and has been running two bug bounty programmes in parallel since launch, more than any other protocol on Stacks. While it felt slow at times, the protocol saw a phased roll-out over the past two months with limited debt ceilings and users. Borrowable assets are the attack surface for lending protocols. Stacked STX (stSTX) the largest TVL asset that Zest Protocol holds, was not configured as borrowable to limit attack surface.

On the day that Zest Protocol launched to the public an attacker artificially increased the value of their collateral to borrow an amount exceeding the value of their position. The attacker removed 322k STX from the protocol. As soon as the attack was identified, Zest Protocol contracts were paused. stSTX funds are unaffected, as they were not configured as borrowable. The attacker didn’t touch any aeUSDC. The removed amount of STX is reimbursed from the Zest Protocol treasury and user balances remain unaffected (see STX funds here).

In the meantime, the walls are closing in on the attacker. A Binance withdrawal address has been uncovered that will reveal the identity of the attacker (see path below) and the full range of legal actions are currently being deployed.

Moments like these are what DeFi builders sign up for. We’re beta testing the future of the financial system by opening innovative products to real deposits. These are necessary steps towards building a robust and open financial future. It’s also good for the community that these events happen in a contained fashion. Smart contract auditors are put on notice to pay close attention, and other DeFi builders can draw lessons.

Opening Zest Protocol securely is now top priority. The smart contracts are undergoing a full re-audit. Auditors have started working to finish at the earliest possible date. When the protocol is relaunched, existing users will find their balances intact (and likely something special too).

For those who want to dig deeper into how the attack happened and the steps taken to mitigate, let’s dig in

Central to this exploit was the attacker's manipulation of the collateral list, an essential element in determining a borrower's capacity based on their pledged assets. By duplicating values within this list, the smart contract was tricked into overvaluing the collateral. Using multiple accounts, the attacker orchestrated a series of actions that led to the exploitation.

Key Steps in the Exploit:

  • Collateral List Manipulation: The attacker's primary action was to manipulate the collateral list by repeating entries. This duplication caused the smart contract to overcalculate the total collateral value.
  • Excessive Borrowing: The exploit was executed in 5 borrow calls with a repeating asset list. In these calls the attacker was able to borrow an amount substantially greater than what should have been allowed.

This exploitation led to a significant discrepancy between the actual and perceived collateral values, enabling the attacker to remove funds from the protocol using the borrow calls below:






The path that ties the attacker to a Binance withdrawal that happened before the attack:

One of the two XLink bridge transactions to get STX used by the attacker: https://explorer.hiro.so/txid/0x6ebbed26a19fd096f13ff50a7fac4865db5e16775ea24a4ecff4150a83421c27?chain=mainnet

The BTC that was swapped into STX over XLink above came from this Bitcoin transaction (output 3):


The Bitcoin address that bridged BTC over XLink bc1qn7alfrla2jhyq7hzezjg9fe86t39m9z86mt9kl address

The Bitcoin address above has received a withdrawal transaction from Binance before the attack (0.01423400 BTC): https://mempool.space/tx/fb6e0a324bc2023dff6d8f4a80b3e6cd7ad1314fd0a54be93d48ea5ff0eeaa80

into bc1qn7alfrla2jhyq7hzezjg9fe86t39m9z86mt9kl

The owner of the BTC in the previous Bitcoin transaction is the address bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h

bc1qm34lsc65zpw79lxes69zkqmk6ee3ewf0j77s3h is controlled by Binance (source: https://www.binance.com/en/blog/community/our-commitment-to-transparency-2895840147147652626)

All communications relating to the identity of the attacker should go to security@zestprotocol.com. If you are the attacker, you can email us to avoid distress.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Written by
Tycho Onnasch
April 16, 2024

Sign up for email updates

Stay in the know on all things Zest Protocol.