Velocore is a ve(3,3) DEX deployed on zkSync Era and Linea — adapting the Velodrome governance-driven liquidity model to zero-knowledge rollup chains, with VC as the governance token, weekly gauge voting directing VC emissions to liquidity pools, and integration of concentrated liquidity (CLMM) pools into the ve(3,3) emission system; the protocol suffered a significant exploit in June 2024 but continued operating following remediation.
Overview
Velocore launched on zkSync Era as the first major ve(3,3) DEX on that chain — bringing Velodrome’s proven liquidity coordination model to Ethereum’s newest zkEVM rollup. It subsequently expanded to Linea. Velocore’s design mirrors Velodrome closely: VC token locks for veVC governance power, weekly gauge votes direct VC emissions to liquidity pools, and external protocols bribe veVC holders to attract liquidity. Velocore added CLMM pools to its ve(3,3) system, enabling capital-efficient concentrated positions to participate in the gauge emission economy alongside standard AMM pools.
Important note: In June 2024, Velocore experienced a major exploit resulting in significant fund losses. The protocol was subsequently patched and has continued operating, but this incident represents a material risk event that informs the protocol’s security history.
ve(3,3) Architecture
The protocol is built around the following components.
VC and veVC
- VC — Velocore’s governance and emission token
- veVC — VC locked for time periods (up to 2 years) for vote-escrowed governance power
- veVC is non-transferable (lockup commitment)
- veVC holders receive:
- Weekly voting power over VC emission distribution
- Bribe income from protocols targeting their votes
- Trading fee revenue from voted pools
Weekly Epoch System
Each epoch:
- Protocols post bribe tokens into bribe contracts for specific pools
- veVC holders vote to allocate VC emissions to pools
- VC emissions flow to winning pools proportional to vote weight
- LPs in winning pools earn VC emissions
- veVC voters claim bribe income + trading fees from their voted pools
Concentrated Liquidity Integration
Velocore integrates CLMM (concentrated liquidity) into its ve(3,3) gauge system:
- Standard pools — constant product (x × y = k) AMM, supported in gauge system
- Stable pools — low-slippage for pegged assets
- CLMM pools — concentrated liquidity positions; capital-efficient active LP strategies
- CLMM pools eligible for gauge registration → earn VC emissions
This combination — ve(3,3) emissions directing capital to CLMM pools — provides:
- High capital efficiency (concentrated liquidity)
- Emission incentives (ve(3,3) gauge rewards)
- Bribe marketplace integration (protocols bribe for CLMM pool VC direction)
June 2024 Exploit
In June 2024, Velocore suffered a critical security exploit:
- An attacker manipulated Velocore’s CLMM pool internal accounting
- Approximately $6.8M (on the Linea deployment) and smaller amounts on zkSync were drained
- The exploit leveraged a reentrancy vulnerability or accounting manipulation in the CLMM module
- Velocore’s team paused the protocol, identified the vulnerability, and patched the affected contracts
- The zkSync deployment was less affected than the Linea deployment
User implications:
- Historic losses from the exploit represent real protocol risk
- Post-patch audits were conducted
- The exploit illustrates the additional complexity risk of integrating CLMM into ve(3,3) systems
zkSync Era Ecosystem Role
On zkSync Era, Velocore operated as the primary ve(3,3) liquidity venue:
- Competes with iZUMi Finance (CLMM DEX) and SyncSwap (constant product) on zkSync
- Attracts zkSync ecosystem project liquidity via bribe/gauge system
- VC emissions directed to USDC/ETH core pairs and ecosystem token pairs
Sources
- Velocore Documentation — Velocore Team, 2023. Core Velocore documentation covering the ve(3,3) architecture (VC lock → veVC, epoch cycle, gauge emission routing), CLMM pool integration into the gauge system (how concentrated liquidity pools register as gauge candidates and receive veVC-directed VC emissions), bribe marketplace mechanics, and the VC/veVC token economics (emission schedule, lockup multiplier curve, protocol fee distribution).
- “Velocore Exploit Analysis: June 2024 CLMM Reentrancy” — Security Research / Blockchain Analytics, 2024. Post-mortem analysis of the Velocore exploit — identifying the specific CLMM accounting vulnerability exploited, the attack vector (flash loan, reentrancy, or price manipulation), on-chain transaction trace showing fund flow, total losses by chain (Linea: ~$6.8M, zkSync: smaller), and assessment of the patches implemented post-exploit.
- “zkSync Era DEX Landscape: Velocore vs SyncSwap vs iZUMi” — zkSync Analytics / DeFi Research, 2023. Comparative analysis of zkSync Era’s primary DEXes — Velocore (ve(3,3) + CLMM), SyncSwap (constant product + stable, higher TVL accessible design), and iZUMi Finance (CLMM with limit orders) — examining TVL distribution, trading volume, user count, and differentiated LP user segments on zkSync.
- “veVC Governance and Bribe Market on zkSync Era” — Velocore / zkSync Ecosystem Analytics, 2023. Analysis of Velocore’s bribe market on zkSync — which protocols paid bribes for veVC votes, bribe amounts relative to VC emissions attracted, and whether the Velocore bribe market achieved comparable efficiency to Velodrome/Aerodrome on other chains.
- “Post-Exploit Recovery: Velocore’s Remediation and Continued Operation” — Velocore / DeFi Security Research, 2024. Analysis of Velocore’s post-exploit response — protocol pause mechanics (how was the pause executed: admin key emergency pause vs governance vote vs gradual drain protection), user compensation approach (was compensation offered to exploit victims; from what funding), audit of remediated contracts, and the long-term TVL and user recovery trajectory on both zkSync Era and Linea after exploit remediation.