Briefing

The Balancer V2 protocol suffered a sophisticated, multi-chain exploit targeting its Composable Stable Pools, resulting in a catastrophic loss of user liquidity and a systemic depeg of integrated assets. The attack weaponized a subtle, asymmetric rounding error in the pool’s scaling logic, allowing the attacker to systematically erode the pool’s invariant without triggering standard safeguards. This precision-engineered vulnerability, executed via atomic batchSwap transactions, led to a total asset drain of approximately $128.64 million across nine different blockchain networks.


Context

Balancer V2’s architecture, which utilizes a centralized Vault to separate token storage from pool logic, was designed for capital efficiency but introduced a single point of failure for core pool math. The prevailing risk in stable-asset AMMs remains the exploitation of low-liquidity states, where seemingly negligible precision errors in integer arithmetic can be amplified into catastrophic invariant manipulation. This incident demonstrates that even well-audited protocols are vulnerable to compound logic flaws that span multiple system components.


Analysis

The compromise centered on a mathematical flaw: an asymmetric rounding bias in the _upscale function within the Composable Stable Pool contract. The attacker first positioned the pool into an extremely low-liquidity state by swapping tokens to a wei-level rounding cliff. Next, they executed a carefully calibrated batchSwap sequence that repeatedly exploited the rounding-down behavior, which under-calculated the required input amount for a given output.

This systematic precision loss compounded over dozens of micro-swaps, enabling the attacker to silently siphon value from the pool’s internal balance before a final withdrawal. The attack was atomic, leveraging the batchSwap function’s deferred settlement to bypass single-swap guards.
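The rounding bias described above can be checked as a property test. The following is an added example, not Balancer's code: it models a toy 1:1 pool in 18-decimal fixed point, and the rate value, amounts and function names are constructed for illustration. It shows that rounding the upscaled output down leaves the pool short by a fixed fraction at wei-level amounts, while rounding in the pool's favor does not.

```python
from fractions import Fraction

ONE = 10**18                           # 18-decimal fixed point
RATE = 1_058_000_000_000_000_000       # constructed rate of 1.058 for a rate-augmented token

def mul_down(a, b):
    """Fixed-point multiply, truncating toward zero."""
    return a * b // ONE

def mul_up(a, b):
    """Fixed-point multiply, rounding up (ceiling division)."""
    return -(-a * b // ONE)

def pool_loss(amount_out, rate, upscale):
    """Exact scaled value released minus the scaled value the pool charges.

    Toy 1:1 pool (assumption): the input owed equals the upscaled output.
    A positive result means the pool gives away more than it collects.
    """
    released = Fraction(amount_out * rate, ONE)
    charged = upscale(amount_out, rate)
    return released - charged

def worst_relative_loss(amounts, rate, upscale):
    """Largest fraction of a swap's value lost to rounding over the given amounts."""
    return max(pool_loss(a, rate, upscale) / Fraction(a * rate, ONE) for a in amounts)

def rounding_favors_pool(amounts, rate, upscale):
    """Property a given-out quote should satisfy: the pool never loses to rounding."""
    return all(pool_loss(a, rate, upscale) <= 0 for a in amounts)

def total_loss(amounts, rate, upscale):
    """Rounding loss summed over a batch of swaps settled together."""
    return sum(pool_loss(a, rate, upscale) for a in amounts)

if __name__ == "__main__":
    wei_level = range(1, 200)                    # constructed wei-scale amounts
    normal = range(10**18, 10**18 + 200)         # constructed whole-token amounts
    print("wei-level worst loss (round down):", float(worst_relative_loss(wei_level, RATE, mul_down)))
    print("normal worst loss (round down):   ", float(worst_relative_loss(normal, RATE, mul_down)))
    print("round down favors pool:", rounding_favors_pool(wei_level, RATE, mul_down))
    print("round up favors pool:  ", rounding_favors_pool(wei_level, RATE, mul_up))
    print("loss over 60 swaps of 17 wei:", float(total_loss([17] * 60, RATE, mul_down)))
```

The absolute error per operation stays below one scaled wei in both regimes; only at wei-level balances is that a meaningful share of the swap, which is why the check has to include boundary amounts.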


Parameters

  • Total Funds Drained → $128.64 million – The cumulative value lost across all affected Composable Stable Pools.
  • Vulnerability Type → Arithmetic Precision Loss – A subtle rounding error in the pool’s scaling function.
  • Affected Chains → Nine – The total number of networks where the vulnerable V2 pools were deployed, including Ethereum, Arbitrum, and Base.
  • Attack Method → Batched Micro-Swaps – The technique used to repeatedly compound the rounding error in a single, atomic transaction.


Outlook

Immediate mitigation requires all protocols leveraging Balancer V2’s Composable Stable Pool logic to halt and migrate funds to patched contracts, regardless of their pause window status. The primary second-order effect is a heightened contagion risk for all AMMs that utilize rate-augmented or complex integer arithmetic in their invariant calculations. This event will establish a new security best practice mandating formal verification specifically focused on boundary conditions and precision loss in low-liquidity, multi-component swap logic.


Verdict

This $128 million exploit confirms that the most critical vulnerabilities in DeFi are no longer simple reentrancy attacks, but complex, systemic logic flaws at the intersection of integer math, pool design, and multi-chain deployment.

Signal Acquired from → checkpoint.com

Micro Crypto News Feeds

composable stable pools

Definition ∞ Composable stable pools are liquidity pools in decentralized finance that consist of stablecoins and allow for flexible integration with other protocols.

invariant manipulation

Definition ∞ Invariant manipulation is a type of exploit where an attacker disrupts the fundamental mathematical relationships or rules designed to be constant within a smart contract or protocol.

composable stable pool

Definition ∞ A composable stable pool is a type of liquidity pool in decentralized finance designed to facilitate efficient swaps between various stablecoins while allowing for integration with other DeFi protocols.

precision loss

Definition ∞ Precision loss describes the reduction in accuracy of numerical values, often occurring during data processing or storage.

stable pools

Definition ∞ Stable pools are specialized liquidity pools within decentralized finance (DeFi) protocols designed for trading stablecoins or other assets that are pegged to the same value, such as different versions of wrapped Bitcoin.

rounding error

Definition ∞ A rounding error is a discrepancy that arises when representing a number with a finite number of digits during calculations.

atomic transaction

Definition ∞ An atomic transaction is a sequence of operations that either completely finishes or completely fails, leaving no partial results.

integer arithmetic

Definition ∞ Integer arithmetic involves mathematical operations performed exclusively on whole numbers, without fractions or decimal components.

multi-chain

Definition ∞ A multi-chain system refers to an architecture that supports multiple independent blockchain networks.