Update on the Ellipsis zBNB-BNB LP Exploit (*latest version 17:45 UTC) After contacting with Ellipsis Finance’s team and collecting further information, here is an update on the attack on the zBNB-BNB pool on Ellipsis Finace: Reentrancy Lock Exploit -The zBNB-BNB pool on Ellipsis is using Vyper 0.3.0 language, and it has been exploited as a result of a malfunctioning reentrancy lock related to a Vyper bug. Vyper is an alternative programming language that was used for smart contracts on Ellipsis. -The exploiter called a function from a smart contract to exploit the Ellipsis pool contract several times and took: 292.083825005022 BNB 74.0881866772931 zBNB The exploiter's smart contract that stores the stolen funds: https://bscscan.com/address/0x000000000000c272a769b0848893bdfbcef2b73a The exploiter's wallet that utilized the smart contract function: https://bscscan.com/address/0x00000000002088951336d7972746a135f2956417 -All the zBNB the exploiter had was converted to 17,876.625729992517 zUSD on Horizon Exchange and sold on PancakeSwap which caused a temporary de-peg for zUSD on the open market, that was quickly recovering. Arbitrage -This exploit has led to considerable drainage of the remaining zBNB from arbitrageurs due to the de-peg, allowing them to purchase zBNB at an extreme discounted market price. In total, the exploiting arbitrageurs purchased ~237.3642498 zBNB with ~9.154165069 BNB that were ultimately converted to zUSD and sold on PancakeSwap. -These 2 wallets took majority of the advantage of exploiting the de-peg and are controlled by the same user: https://bscscan.com/address/0xde21a52af82e37589a461703eb5b60862cb51262 Bought 176.2036334 for 10.6 BNB, then sold all zBNB for 41,791.78 zUSD and sold that on PancakeSwap. https://bscscan.com/address/0x0cbe2909b7a1d94badb0bb459575064e384b42c6 Bought 59.296197816396 for 0.1 BNB, then tried to buy back 10.92673493 BNB by spending 21 zBNB after other users added some BNB trying to also get zBNB at a low price. All the remaining zBNB were sold to zUSD, and sent to the above address. -There are 8 other wallets that also participated but are smaller in scale, all together buying 22.86441851 zBNB for 9.381 BNB. -As the above arbitraging wallets were adding BNB into the Ellipsis pool and buying discounted zBNB, the original exploiter called the exploit function several more times, stealing more funds from the contract. It is unclear if the Ellipsis pool exploiter and the above arbitrage wallets are working in unison. Further investigation is needed. Ongoing Investigation The zBNB-BNB LP was deployed with the 0.3.0 Vyper contract using the Ellipsis Finance contract factory (a smart contract that deploys smart contracts). The contract factory deployer was likely using the latest version of Vyper at that time. At no point did Ellipsis Finance notify us to redeploy and migrate liquidity to a newer version of the Vyper contract. Ellipsis Finance was most likely completely unaware of this issue. The attack on Ellipsis Finance’s liquidity pools is not connected to Horizon Protocol’s smart contract. Assuredly, the assets locked on Horizon Protocol smart contract are safe and secure. We are actively investigating this incident and will provide you with all relevant updates. Thank you for your continued support and understanding.

Information Update: We are currently in contact with the Ellipsis team regarding the exploit on the zBNB-BNB Liquidity Pool. We sincerely thank you for your understanding and ongoing support. We will keep the community updated.