Security

Balancer V2 Pools Drained by Compounded Arithmetic Precision Loss

Asymmetric rounding in Composable Stable Pool math was weaponized via batched swaps, creating a multi-chain invariant drain and $128M loss.
December 5, 20253 min

The image displays intricate blue structures densely covered in sharp white crystalline formations, with a transparent cylindrical element partially visible. The blue forms, resembling a spiraled or layered texture, are encrusted with countless individual white crystals, creating a frosty appearance
A macro perspective showcases two distinct, intertwined tubular forms. One form is a sleek, reflective silver, while the other is transparent, encapsulating a vibrant, effervescent blue substance

Briefing

The Balancer V2 protocol suffered a sophisticated, multi-chain exploit targeting its Composable Stable Pools, resulting in a catastrophic loss of user liquidity and a systemic depeg of integrated assets. The attack weaponized a subtle, asymmetric rounding error in the pool’s scaling logic, allowing the attacker to systematically erode the pool’s invariant without triggering standard safeguards. This precision-engineered vulnerability, executed via atomic batchSwap transactions, led to a total asset drain of approximately $128.64 million across nine different blockchain networks.

Abstract, sleek white and transparent metallic structures dynamically interact with a vibrant blue granular substrate, creating a splash effect and reflecting on a rippled, deep blue liquid surface. The background features a subtle mist, enhancing the futuristic and impactful scene

Context

Balancer V2’s architecture, which utilizes a centralized Vault to separate token storage from pool logic, was designed for capital efficiency but introduced a single point of failure for core pool math. The prevailing risk in stable-asset AMMs remains the exploitation of low-liquidity states, where seemingly negligible precision errors in integer arithmetic can be amplified into catastrophic invariant manipulation. This incident demonstrates that even well-audited protocols are vulnerable to compound logic flaws that span multiple system components.

A polished metallic X-shaped object with glowing blue internal channels rests on a reflective surface. White, granular particles emanate dynamically from its structure, suggesting energetic dispersal

Analysis

The compromise centered on a mathematical flaw → an asymmetric rounding bias in the _upscale function within the Composable Stable Pool contract. The attacker first positioned the pool into an extremely low-liquidity state by swapping tokens to a wei-level rounding cliff. Next, they executed a carefully calibrated batchSwap sequence that repeatedly exploited the rounding down behavior, which under-calculated the required input amount for a given output.

This systematic precision loss compounded over dozens of micro-swaps, enabling the attacker to silently siphon value from the pool’s internal balance before a final withdrawal. The attack was atomic, leveraging the batchSwap function’s deferred settlement to bypass single-swap guards.

A striking abstract composition features highly reflective, undulating silver forms intricately intertwined with translucent, deep blue, fluid-like structures against a soft grey backdrop. The interplay of light and shadow highlights the smooth, polished surfaces and the depth of the blue elements, creating a sense of dynamic motion and complex integration

Parameters

  • Total Funds Drained → $128.64 million – The cumulative value lost across all affected Composable Stable Pools.
  • Vulnerability Type → Arithmetic Precision Loss – A subtle rounding error in the pool’s scaling function.
  • Affected Chains → Nine – The total number of networks where the vulnerable V2 pools were deployed, including Ethereum, Arbitrum, and Base.
  • Attack Method → Batched Micro-Swaps – The technique used to repeatedly compound the rounding error in a single, atomic transaction.

A close-up reveals a sophisticated, multi-component mechanism, prominently featuring translucent blue and clear elements. A clear, curved channel is filled with countless small bubbles, indicating dynamic internal processes, while metallic accents underscore the intricate engineering

Outlook

Immediate mitigation requires all protocols leveraging Balancer V2’s Composable Stable Pool logic to halt and migrate funds to patched contracts, regardless of their pause window status. The primary second-order effect is a heightened contagion risk for all AMMs that utilize rate-augmented or complex integer arithmetic in their invariant calculations. This event will establish a new security best practice mandating formal verification specifically focused on boundary conditions and precision loss in low-liquidity, multi-component swap logic.

A spherical object dominates the frame, split into halves. The left half is white, textured, and fractured, featuring a smooth metallic button at its center the right half displays a highly structured, metallic, segmented exterior, revealing a glowing blue core of geometric blocks

Verdict

This $128 million exploit confirms that the most critical vulnerabilities in DeFi are no longer simple reentrancy attacks, but complex, systemic logic flaws at the intersection of integer math, pool design, and multi-chain deployment.

rounding error, precision loss, stable pool, composable pool, batch swap, invariant manipulation, low liquidity, multi chain exploit, smart contract flaw, defi vulnerability, token scaling, pool token, arithmetic bug, on chain forensic, protocol logic, access control, wei level, asymmetric rounding, state manipulation, atomic transaction, pool invariant, scaling factor, liquidity drain, swap logic, vault system Signal Acquired from → checkpoint.com

Micro Crypto News Feeds

composable stable pools

Definition ∞ Composable stable pools are liquidity pools in decentralized finance that consist of stablecoins and allow for flexible integration with other protocols.

invariant manipulation

Definition ∞ Invariant manipulation is a type of exploit where an attacker disrupts the fundamental mathematical relationships or rules designed to be constant within a smart contract or protocol.

composable stable pool

Definition ∞ A composable stable pool is a type of liquidity pool in decentralized finance designed to facilitate efficient swaps between various stablecoins while allowing for integration with other DeFi protocols.

precision loss

Definition ∞ Precision loss describes the reduction in accuracy of numerical values, often occurring during data processing or storage.

stable pools

Definition ∞ Stable pools are specialized liquidity pools within decentralized finance (DeFi) protocols designed for trading stablecoins or other assets that are pegged to the same value, such as different versions of wrapped Bitcoin.

rounding error

Definition ∞ A rounding error is a discrepancy that arises when representing a number with a finite number of digits during calculations.

atomic transaction

Definition ∞ An atomic transaction is a sequence of operations that either completely finishes or completely fails, leaving no partial results.

integer arithmetic

Definition ∞ Integer arithmetic involves mathematical operations performed exclusively on whole numbers, without fractions or decimal components.

multi-chain

Definition ∞ A multi-chain system refers to an architecture that supports multiple independent blockchain networks.

Tags:

Tags: