Briefing

The Balancer V2 protocol suffered a sophisticated, multi-chain exploit targeting its Composable Stable Pools, resulting in a catastrophic loss of user liquidity and a systemic depeg of integrated assets. The attack weaponized a subtle, asymmetric rounding error in the pool’s scaling logic, allowing the attacker to systematically erode the pool’s invariant without triggering standard safeguards. This precision-engineered vulnerability, executed via atomic batchSwap transactions, led to a total asset drain of approximately $128.64 million across nine different blockchain networks.

Context

Balancer V2’s architecture, which utilizes a centralized Vault to separate token storage from pool logic, was designed for capital efficiency but introduced a single point of failure for core pool math. The prevailing risk in stable-asset AMMs remains the exploitation of low-liquidity states, where seemingly negligible precision errors in integer arithmetic can be amplified into catastrophic invariant manipulation. This incident demonstrates that even well-audited protocols are vulnerable to compound logic flaws that span multiple system components.

Analysis

The compromise centered on a mathematical flaw → an asymmetric rounding bias in the _upscale function within the Composable Stable Pool contract. The attacker first positioned the pool into an extremely low-liquidity state by swapping tokens to a wei-level rounding cliff. Next, they executed a carefully calibrated batchSwap sequence that repeatedly exploited the rounding-down behavior, which under-calculated the required input amount for a given output.

This systematic precision loss compounded over dozens of micro-swaps, enabling the attacker to silently siphon value from the pool’s internal balance before a final withdrawal. The attack was atomic, leveraging the batchSwap function’s deferred settlement to bypass single-swap guards.
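The rounding behavior described above, shown as an added example (not Balancer's contract code and not part of the original article): an 18-decimal fixed-point upscale that truncates, measured at wei-level and at ordinary amounts, plus a boundary check a test suite can run. The 1.05 scaling factor and all helper names are constructed for illustration.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed-point unit

# Constructed, rate-augmented scaling factor of 1.05 (an assumption for this example).
RATE = 1_050_000_000_000_000_000


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply that truncates the remainder."""
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply that rounds any remainder up."""
    return -(-(a * b) // ONE)


def upscale(amount: int, scaling_factor: int, round_up: bool = False) -> int:
    """Scale a raw token amount to pool precision in the chosen direction."""
    return (mul_up if round_up else mul_down)(amount, scaling_factor)


def loss_ppm(amount: int, scaling_factor: int) -> int:
    """Share of the exact scaled value that truncation discards, in ppm."""
    exact = Fraction(amount * scaling_factor, ONE)
    return int((exact - upscale(amount, scaling_factor)) / exact * 1_000_000)


def understated_amounts(scaling_factor: int, amounts, round_up: bool = False):
    """Boundary check: amounts whose scaled value falls below the exact one.

    When the scaled amount is the swap output that the required input is
    derived from, an understated value makes the caller pay too little, so a
    pool-favoring implementation must return an empty list here.
    """
    return [a for a in amounts
            if upscale(a, scaling_factor, round_up) * ONE < a * scaling_factor]


if __name__ == "__main__":
    for amt in (9, 10**18 + 9):
        print(f"amount={amt}: truncation loss {loss_ppm(amt, RATE)} ppm")
    print("understated, round down:", understated_amounts(RATE, range(1, 21)))
    print("understated, round up:  ", understated_amounts(RATE, range(1, 21), True))
```

The same 0.45-unit remainder is about 4.8% of a 9-wei amount and effectively zero at 1e18, which is why the check has to be run at wei-level balances rather than at typical pool sizes.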

Parameters

  • Total Funds Drained → $128.64 million – The cumulative value lost across all affected Composable Stable Pools.
  • Vulnerability Type → Arithmetic Precision Loss – A subtle rounding error in the pool’s scaling function.
  • Affected Chains → Nine – The total number of networks where the vulnerable V2 pools were deployed, including Ethereum, Arbitrum, and Base.
  • Attack Method → Batched Micro-Swaps – The technique used to repeatedly compound the rounding error in a single, atomic transaction.

Outlook

Immediate mitigation requires all protocols leveraging Balancer V2’s Composable Stable Pool logic to halt and migrate funds to patched contracts, regardless of their pause window status. The primary second-order effect is a heightened contagion risk for all AMMs that utilize rate-augmented or complex integer arithmetic in their invariant calculations. This event will establish a new security best practice mandating formal verification specifically focused on boundary conditions and precision loss in low-liquidity, multi-component swap logic.

Verdict

This $128 million exploit confirms that the most critical vulnerabilities in DeFi are no longer simple reentrancy attacks, but complex, systemic logic flaws at the intersection of integer math, pool design, and multi-chain deployment.

Signal Acquired from → checkpoint.com

Micro Crypto News Feeds

composable stable pools

Definition ∞ Composable stable pools are liquidity pools in decentralized finance that consist of stablecoins and allow for flexible integration with other protocols.

invariant manipulation

Definition ∞ Invariant manipulation is a type of exploit where an attacker disrupts the fundamental mathematical relationships or rules designed to be constant within a smart contract or protocol.

composable stable pool

Definition ∞ A composable stable pool is a type of liquidity pool in decentralized finance designed to facilitate efficient swaps between various stablecoins while allowing for integration with other DeFi protocols.

precision loss

Definition ∞ Precision loss describes the reduction in accuracy of numerical values, often occurring during data processing or storage.

stable pools

Definition ∞ Stable pools are specialized liquidity pools within decentralized finance (DeFi) protocols designed for trading stablecoins or other assets that are pegged to the same value, such as different versions of wrapped Bitcoin.

rounding error

Definition ∞ A rounding error is a discrepancy that arises when representing a number with a finite number of digits during calculations.

atomic transaction

Definition ∞ An atomic transaction is a sequence of operations that either completely finishes or completely fails, leaving no partial results.

integer arithmetic

Definition ∞ Integer arithmetic involves mathematical operations performed exclusively on whole numbers, without fractions or decimal components.

multi-chain

Definition ∞ A multi-chain system refers to an architecture that supports multiple independent blockchain networks.