Balancer’s $120M Meltdown: How A Series of Small Swaps Almost Broke a Top AMM

The Balancer v2 exploit on November 3rd resulted in losses of around $120 million across its main protocol and multiple forks. According to the SlowMist security team’s post-incident analysis, the exploit stemmed from a precision loss flaw in the integer fixed-point arithmetic used to calculate scaling factors inside Composable Stable Pools, which are designed for near-parity asset pairs such as USDC/USDT or WETH/stETH.

In the latest update, SlowMist confirmed that this flaw caused small but consistent price discrepancies during swaps, especially when attackers used the batch swap function to chain multiple operations within a single transaction. The attackers’ strategy was executed across several steps.

SlowMist Postmortem

The attacker swapped BPT for liquidity tokens to reduce the pool’s liquidity reserves, preparing for small-amount swaps. They performed swaps between liquidity tokens (osETH → WETH) to prepare for precise control of small-swap precision errors. They executed carefully controlled $osETH → swaps to accumulate precision errors. They swapped between liquidity tokens (WETH → osETH) to restore liquidity. They repeated steps 2-4 to amplify the error continuously. They swapped the liquidity tokens back into BPT to restore the pool balance.

The attacker first swapped BPT for liquidity tokens to drain and reduce the pool’s liquidity reserves in a bid to prepare for small-amount swaps. They then conducted swaps between liquidity tokens (osETH → WETH) to set up control over small-swap precision errors. Next, they executed highly controlled osETH → WETH swaps to intentionally build up precision errors.

Afterwards, the attacker swapped between liquidity tokens again (WETH → osETH) to restore enough liquidity. After repeating the steps 2-4 in loops to continuously expand the accumulated error, they finally swapped the liquidity tokens back into BPT to return the pool to a balanced state. Through repeatedly leveraging the precision flaw with small-sized swaps, the attacker pushed the system into settling a final “amountOut” that exceeded the true amountIn owed, and allowed them to pocket a massive profit.

SlowMist managed to trace the attacker’s operations across addresses and multiple chains. It found initial funds were routed through Tornado Cash, then through intermediate nodes and cross-chain gas.zip usage, before being assembled on Ethereum-based addresses holding thousands of ETH and WETH.

Remediation Efforts

As part of the remediation efforts, CSPv6 pools across the affected network were paused, CSPv6 factory disabled was disabled, gauges were killed for affected pools, and major LPs safely withdrew, among other steps.

The Balancer team coordinated with whitehats as well as cybersecurity partners and various networks to retrieve or freeze portions of the stolen funds. This included 5,041 StakeWise osETH worth about $19 million and 13,495 osGNO, estimated to be around $2 million.

To project teams and auditors facing similar scenarios, SlowMist said that the focus should be on enhancing test coverage for extreme cases and boundary conditions. Additionally, the firm urged the projects to pay particular attention to precision handling strategies under low-liquidity conditions.

The post Balancer’s $120M Meltdown: How A Series of Small Swaps Almost Broke a Top AMM appeared first on CryptoPotato.