ZEROGOKI

DESCRIPTION OF EVENTS

"Zerogoki is a derivatives platform on Ethereum and based on an algorithmic-pegging mechanism to create leveraged tokens for any assets." "This project is experimental. Use at your own risk."

"Zerogoki, a transliteration [from] Japanese, stands for the experimental model Unit-00, and its token REI is the pronunciation of the word 'zero' in Japanese. Thus, it’s a metaphor for a prototype. Zerogoki is a leveraged token trading platform deployed on Ethereum and based on an algorithmic pegging mechanism, which can provide users with leverage tools for traditional assets such as foreign exchange, gold, and bonds. Users can use the platform token REI to cast leverage tokens or use the protocol's synthetic dollar-zUSD to buy leverage assets directly."

"Zerogoki is the pilot experimental protocol from Duet Protocol, which only has the Lite-minting module of Duet Protocol. That is, the synthetic assets are generated only by destroying the protocol asset-REI, and the volatile leverage tokens are chosen as the listed assets to increase the system test pressure. At the same time, the slower Ethernet main net with high cost is used to test if Duet can run smoothly in a harsh environment."

"@0Zerogoki is not only the WORLD's FIRST algorithm-pegging synthetic asset protocol but also made the first decentralized leverage token on the chain."

The project received an audit by CertiK on July 11th, 2021

"On Aug 08 2021 (Beijing Time, block height 12982491), Zerogoki was attacked, which caused a loss of 670K USD." "Zerogoki experienced an Oracle attack a few hours ago when the wrong price led to an unrecognized transaction." "On 8th Aug 2021 05:24:48 AM UTC, one minting trading adopts a false REI price, and an excess 717,964.8 of zUSD was minted."

"Zerogoki Team located one user who executed an illicit minting transaction early today which caused a significant price slippage of zUSD…" "In the attack transaction, 0x81e5f715, the attacker constructed a message contains valid signatures and passed a crafted ns parameter (which contains a large number of zUSD). As a result, the attacker used 300 REI to swap 700k zUSD."

"Three addresses are collated with the signatures. However, we do not have information why the private keys of these addresses have been leaked, at the current stage."

"After the investigation, we found that it’s related to the compromised price oracle. The attacker provides a price oracle signed by legitimate private keys, which contain crafted number of tokens to be swapped. However the reason why the attacker can construct a valid signature is unknown yet."

"The swap function calls decode_op to obtain the information in the oracle. After performing the validation, the contract then burns the ns[0] x.token, mints ns[1] y.token and pays the swap fee to the GOV contract."

"From the implementation of the decode_op, there exists SIGNATURENUM (three) signatures in the parameter. These signatures need to be checked (and authorization) before performing the token swap (burning and minting)."

"After the Zerogoki community suffered the hacker attack on 8th August. Many Zerogoki users didn’t panic or sell the REI and zUSD，Instead, they stayed calm and confident. We are very grateful to these people for their unwavering support for Zerogoki. Later we decided to use more treasury funds to restore the peg soon and already invested $200K+ to stabilize the zUSD pegging to USD."

"[A]lthough the team could not prevent the price of REI from falling, but with the unremitting efforts, the liquidity depth of REI even increased from $1M to 1.5M (BSC+Ether)." "[W]e hope all players know that the REI depth is more crucial than the price when we talk about the stability of the synthetic assets of our system. Price will eventually return when the system stabilizes and reenters the positive cycle."

"The price of zUSD has experienced certain fluctuations, but it is expected to return to parity in the market trading and arbitrage after the minting function is back." "The above transaction is from 0xae, who sold all exceed zUSD afterward and caused a huge price drop. Zerogoki found out about this abnormal case soon, and the team suspended the oracle price feeding and mint/redeem function to avoid further price impact on REI."

"Regular Uniswap v2 trading and liquidity mining [were] not affected."

"[T]he Oracle bug was attacked by a malicious player. [W]e have to fix it before we can open it." "Oracle is closed, no more zUSD will be mint." "We have suspended the oracle." "We have suspended the oracle machine for now and it is expected to be restored within 2 days. The price of zUSD has experienced certain fluctuations, but it is expected to return to parity in the market trading and arbitrage after the minting function is back."

"During the suspension, REI-zAsset mint and burn have been stopped." "The system minting/redemption function is expected to be open at intervals on 13th August for 1 hour from 14:00 UTC, and 2 hours each day between 2:00 UTC and 14:00 UTC to help the market gradually return to the arbitrage equilibrium." "Regular Uniswap v2 trading and liquidity mining are not affected."

"During the suspension, REI-zAsset mint and burn have been stopped." "At the same time, to be on the safe side at the beginning of the launch, we lowered the casting/redemption flow limit again, and now the 24-hour flow and tax rate curve for REI and each zAsset is shown here."

"We are locating the problem and the hacker, please wait patiently, there is no need to panic, the system will gradually stabilizing, that is how it desgined." "The development team is working on the cause of abnormal prices and tracking user 0xae. During this time all users’ asset is safe and no actual loss happened unless REI and zAsset holders sell their holdings on a biased price."

"Attention to the Hacker: Through the efforts of our team, we have collected pretty much of your on-chain historical transaction and off-chain cypher activities. Moreover, we are close to mastering the identity information of your account at FTX. We urgently warn you to RETURN the funds belonging to the Zerogoki community."

"Zerogoki team calls for the user 0xae to connect with us. Since these exceeded minted zUSD should not be recognized, held, or selling these balances are against fair rules. The team would like to offer 0xae a reward for helping the project find out this oracle error and suggest 0xae to connect with us for the next process."

"The zUSD has experienced certain fluctuations, but it is expected to return to parity in the market trading and arbitrage after some time." "Don't Panic. Liquidity's coming." "The foundation has lent REI to core users who are willing to provide large amounts of liquidity, which REI token will be taken back in the future when liquidity becomes abundant." "Those who sell now will in fact bear the loss caused by the malicious player. Selling now is not recommended."

"Long term peg of zUSD is secured by Duet Treasury funds (3 Million USD). We will be buying zUSD when it’s below peg at random intervals. The Treasury will provide LP with the zUSD" "With strong community support and timely action from the team, the zUSD price has recovered to 0.98/USDT, the peg is finally back." "The zUSD price has recovered from the attack for the most part. After the minting function restored in about 1 ~ 2 days, the price difference will quickly converge through arbitrage, and there is no need for panic"

"The progress of zUSD price recovery exceeds expectations, is a proof of the strong community consensus!" "[L]iquidity pool back to $1 million, the reward still high." "After recovering from the fall yesterday, #Liquidity on #Zerogoki is back to >5 million USD and going stronger." "Now, zUSD liquidity and trading volume both have reached a record high — $2.3 million liquidity, 24H vol is close to $1 million. As we say ‘Whatever doesn’t kill you makes you stronger. A tribute to the great community support." "REI and zAsset are back to stable by now."

"Zerogoki plans to set up a HODL $REI activity to reward long-term $REI holders and Liquidity providers. Users who are identified as in the HODL $REI group will receive an extra airdrop for their loyalty and foresightedness. More detailed information will be released soon."

"We will use more treasury funds to restore the peg soon, and we've already invested $200K+ to stabilize the zUSD." On September 2nd, "[t]he team burnt 420,000 $REI tokens as a deflationary strategy of the #Zerogoki system." "Zerogoki plans to set up a HODL REI activity to reward long-term REI holders and liquidity providers. Users who are identified as in the HODL REI group will receive extra airdrop for their loyalty and foresightedness."

"In case of potential dumping, our foundation is considering buying back when REI's #BSC price is under $0.6."

"A big Thank you to all the users who participated in our #Crosschain activity, #BSC $REI tokens have been distributed, the total number is 280,463.839."

"We have decided to conduct a further review of the Oracle code and, for security reasons, expect the minting function recovery to be delayed until later this week. Users who want to participate in Yield Farming could purchase zAssets directly from Uniswap then do liquidity mining." "The project will set up bug bounty activities to involve more contributors to help the project become more stable and robust."

"Zerogoki project aims to build up a long-lasting and solid derivative platform for DeFi eco, and the project is more than grateful to users who stand with us." "What's Next: (1) BSC liquidity farming expected start at end of this week. (2) REI governance staking expected to launch next week."

The Zerogoki project is an experimental leveraged token trading platform. An attacker was able to somehow craft a compromised price oracle, which according to analysis shows that it was signed by valid keys. It is unclear how the attacker was able to sign a valid transaction. The most likely scenario would be that all keys were stored in a central place.

The team tried to reach out to the attacker, however there does not appear to have been any response. There were no losses of any assets - only a drop in price due to the minting of additional tokens. This was corrected by the team through a series of token buy-backs.

blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Zerogoki (Sep 15)
Notion – The all-in-one workspace for your notes, tasks, wikis, and databases. (Sep 26)
The Analysis Of The Zerogoki Attack (Sep 26)
CertiK Security Assessment Duet/Zerogoki (Sep 26)
God | 0x80ecdb90a1231cb1964546860b22238664035757 (Sep 26)
Address 0x0d93A21b4A971dF713CfC057e43F5D230E76261C | Etherscan (Sep 26)
Address 0x3054e19707447800f0666ba274a249fc9a67aa4a | Etherscan (Sep 26)
Address 0x4448993f493b1d8d9ed51f22f1d30b9b4377dfd2 | Etherscan (Sep 26)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 26)
Zerogoki Global Youtubevideo Contest (Sep 26)
Why i Like Zerogoki Protocol. I didn’t ask to get into DeFi. Most of… | by Sinjicarus | Medium (Sep 26)
@0Zerogoki Twitter (Sep 26)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Sep 26)
Welcome to Zerogoki - YouTube (Sep 26)
@0Zerogoki Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@0Zerogoki Twitter (Sep 26)
Zerogoki Progress And Future Roadmap Including Duet Launch Updates (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@0Zerogoki Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@0Zerogoki Twitter (Sep 26)
@0Zerogoki Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@0Zerogoki Twitter (Sep 26)
Temporarily Suspension Of Mint Redeem Function (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)
@bachonchain Twitter (Sep 26)

More case studies

OpenSea Fraudulent
NFT Listing

Punk Protocol
Reinitialized