The Balancer Protocol announced that hackers had targeted its v2 pools, with losses reportedly estimated to be more than $128 million.
Balancer is a decentralized finance (DeFi) protocol built on the Ethereum blockchain as an automated market maker and liquidity infrastructure layer.
It provides flexible pools with custom token mixes, allowing users to deposit assets, earn fees, and let traders swap assets, and it is governed by the BAL token, which had a market cap of $65 million right before the incident.
Balancer has not shared many details about the incident but warned users to be cautious against potential scams or phishing attempts.
Balancer confirmed today that an exploit affected its V2 Compostable Stable Pools at 7:48 AM UTC and that the issue does not impact any other Balancer pools, including V3.
"Our team is working with leading security researchers to understand the issue," the company said in an update a few hours ago.
According to GoPlus Security, the Balancer V2 exploit stemmed from a precision rounding error in the Vault’s swap calculations.
Each swap operation rounded down token amounts, creating tiny discrepancies that the attacker could repeatedly exploit. By chaining multiple swaps through the batchSwap function, those rounding losses compounded into a large price distortion.
Normalizing token amounts using scaling factors
Source: GoPlus Security
... continue reading