A pioneering Bitcoin DeFi protocol with real innovation but elevated risk. The launch-day exploit is a serious red flag for code quality, though the team's swift response and treasury reimbursement show accountability. Stacks and Clarity are less battle-tested than EVM alternatives. High-risk, high-reward for users who believe in Bitcoin-native DeFi and are comfortable with the security track record.
Top Risks
1
Zest was exploited on its public launch day for 324,000 STX (~$897K) through a collateral value manipulation attack, demonstrating insufficient pre-launch security testing
2
Built on Stacks using Clarity smart contracts — a less mature and less audited language than Solidity — with a smaller security researcher community to identify bugs
3
The BTCz liquid restaking product introduces novel Bitcoin-native DeFi risks with limited precedent for the Clarity/Stacks architecture
Risk Breakdown
Frequently Asked Questions
Is Zest safe to use?
Zest receives a C+ risk grade (41/100) from Hindenrank, where lower scores indicate lower risk. A pioneering Bitcoin DeFi protocol with real innovation but elevated risk. The launch-day exploit is a serious red flag for code quality, though the team's swift response and treasury reimbursement show accountability. Stacks and Clarity are less battle-tested than EVM alternatives. High-risk, high-reward for users who believe in Bitcoin-native DeFi and are comfortable with the security track record. Zest is the largest DeFi lending protocol on Stacks, bringing lending and borrowing capabilities to the Bitcoin ecosystem. You can deposit STX, sBTC, stablecoins, and other assets to earn yield, or borrow against your holdings. Zest is also building BTCz, a yield-bearing Bitcoin restaking product built on Babylon. The protocol has raised $3.5M from Draper Associates and YZi Labs, uses Pyth oracle for pricing, and has an ImmuneFi bug bounty program. However, it was exploited for $897K on its launch day, which the team reimbursed from treasury.
What are the main risks of using Zest?
The key risks identified for Zest are: (1) The protocol was exploited on its first day of public launch — while funds were reimbursed, it raises questions about code quality (2) Built on Stacks using Clarity, a less common smart contract language with fewer security researchers reviewing it (3) BTCz depends on multiple new technologies (Babylon, sBTC bridge) that have limited production history
What is Zest's risk score breakdown?
Zest scores 41/100 across eight risk dimensions: Mechanism Novelty: 6/15, Interaction Severity: 8/20, Oracle Surface: 4/10, Documentation Gaps: 3/10, Track Record: 8/15, Scale Exposure: 3/10, Regulatory Risk: 5/10, Vitality Risk: 4/10. The highest risk area is Track Record at 8/15.
How does Zest compare to other Lending protocols?
Among 90 rated Lending protocols on Hindenrank, Zest ranks #66 by safety (lowest risk score = safest). Its 41/100 risk score and C+ grade place it among the riskier Lending protocols.
Has Zest ever been hacked or exploited?
Zest scores 8/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.