Balancer’s $120M Meltdown: How A Series of Small Swaps Almost Broke a Top AMM

The Balancer v2 exploit on November third resulted in losses of round $120 million throughout its foremost protocol and a number of forks. According to the SlowMist safety group’s post-incident evaluation, the exploit stemmed from a precision loss flaw within the integer fixed-point arithmetic used to calculate scaling elements inside Composable Stable Pools, that are designed for near-parity asset pairs corresponding to USDC/USDT or WETH/stETH.

In the most recent replace, SlowMist confirmed that this flaw triggered small however constant value discrepancies throughout swaps, particularly when attackers used the batch swap perform to chain a number of operations inside a single transaction. The attackers’ technique was executed throughout a number of steps.

SlowMist Postmortem

The attacker swapped BPT for liquidity tokens to scale back the pool’s liquidity reserves, making ready for small-amount swaps. They carried out swaps between liquidity tokens (osETH → WETH) to arrange for exact management of small-swap precision errors. They executed fastidiously managed $osETH → swaps to build up precision errors. They swapped between liquidity tokens (WETH → osETH) to revive liquidity. They repeated steps 2-4 to amplify the error repeatedly. They swapped the liquidity tokens again into BPT to revive the pool stability.

The attacker first swapped BPT for liquidity tokens to drain and cut back the pool’s liquidity reserves in a bid to arrange for small-amount swaps. They then carried out swaps between liquidity tokens (osETH → WETH) to arrange management over small-swap precision errors. Next, they executed extremely managed osETH → WETH swaps to deliberately construct up precision errors.

Afterwards, the attacker swapped between liquidity tokens once more (WETH → osETH) to revive sufficient liquidity. After repeating the steps 2-4 in loops to repeatedly broaden the collected error, they lastly swapped the liquidity tokens again into BPT to return the pool to a balanced state. Through repeatedly leveraging the precision flaw with small-sized swaps, the attacker pushed the system into settling a remaining “amountOut” that exceeded the true quantityIn owed, and allowed them to pocket a large revenue.

SlowMist managed to hint the attacker’s operations throughout addresses and a number of chains. It discovered preliminary funds have been routed by way of Tornado Cash, then by way of intermediate nodes and cross-chain fuel.zip utilization, earlier than being assembled on Ethereum-based addresses holding hundreds of ETH and WETH.

Remediation Efforts

As half of the remediation efforts, CSPv6 swimming pools throughout the affected community have been paused, CSPv6 manufacturing unit disabled was disabled, gauges have been killed for affected swimming pools, and main LPs safely withdrew, amongst different steps.

The Balancer group coordinated with whitehats in addition to cybersecurity companions and varied networks to retrieve or freeze parts of the stolen funds. This included 5,041 StakeWise osETH value about $19 million and 13,495 osGNO, estimated to be round $2 million.

To mission groups and auditors dealing with comparable situations, SlowMist mentioned that the main target must be on enhancing check protection for excessive instances and boundary situations. Additionally, the agency urged the initiatives to pay explicit consideration to precision dealing with methods below low-liquidity situations.

The put up Balancer’s $120M Meltdown: How A Series of Small Swaps Almost Broke a Top AMM appeared first on CryptoPotato.