Briefing

The Balancer V2 protocol suffered a sophisticated, multi-chain exploit targeting its Composable Stable Pools, resulting in a catastrophic loss of user liquidity and a systemic depeg of integrated assets. The attack weaponized a subtle, asymmetric rounding error in the pool’s scaling logic, allowing the attacker to systematically erode the pool’s invariant without triggering standard safeguards. This precision-engineered vulnerability, executed via atomic batchSwap transactions, led to a total asset drain of approximately $128.64 million across nine different blockchain networks.

Context

Balancer V2’s architecture, which utilizes a centralized Vault to separate token storage from pool logic, was designed for capital efficiency but introduced a single point of failure for core pool math. The prevailing risk in stable-asset AMMs remains the exploitation of low-liquidity states, where seemingly negligible precision errors in integer arithmetic can be amplified into catastrophic invariant manipulation. This incident demonstrates that even well-audited protocols are vulnerable to compound logic flaws that span multiple system components.

Analysis

The compromise centered on a mathematical flaw: an asymmetric rounding bias in the _upscale function within the Composable Stable Pool contract. The attacker first positioned the pool into an extremely low-liquidity state by swapping tokens to a wei-level rounding cliff. Next, they executed a carefully calibrated batchSwap sequence that repeatedly exploited the rounding-down behavior, which under-calculated the required input amount for a given output.

This systematic precision loss compounded over dozens of micro-swaps, enabling the attacker to silently siphon value from the pool’s internal balance before a final withdrawal. The attack was atomic, leveraging the batchSwap function’s deferred settlement to bypass single-swap guards.
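The rounding asymmetry described above, shown on a deliberately simplified model (an added example, not Balancer's contract code): a 1:1 price in scaled units stands in for the stable invariant, and the rate value, function names and amounts are constructed for illustration. It compares upscaling the output amount with rounding down against rounding in the pool's favour, and checks that no swap or batch reduces the pool's value.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed point, the convention in Solidity pool math

def mul_down(a, b):
    return a * b // ONE

def mul_up(a, b):
    return (a * b - 1) // ONE + 1      # ceil(a*b/ONE); yields 0 when a*b == 0

def div_up(a, b):
    return (a * ONE - 1) // b + 1      # ceil(a*ONE/b)

def required_input(amount_out, rate_out, rate_in, round_out_up):
    """Tokens charged for `amount_out` in a "given out" swap.
    Simplified model: 1:1 price in scaled units (not the real stable invariant)."""
    upscale = mul_up if round_out_up else mul_down
    scaled_out = upscale(amount_out, rate_out)   # the step whose direction matters
    return div_up(scaled_out, rate_in)           # downscale, rounded for the pool

def pool_delta(amount_out, rate_out, rate_in, round_out_up):
    """Exact change in pool value (scaled units) caused by one swap."""
    amount_in = required_input(amount_out, rate_out, rate_in, round_out_up)
    return Fraction(amount_in * rate_in - amount_out * rate_out, ONE)

def batch_delta(amounts, rate_out, rate_in, round_out_up):
    """Cumulative pool value change over a batch; a guard would reject < 0."""
    deltas = (pool_delta(a, rate_out, rate_in, round_out_up) for a in amounts)
    return sum(deltas, Fraction(0))

def rounding_favors_pool(amounts, rate_out, rate_in, round_out_up):
    """Property check for audits/fuzzing: no swap may reduce pool value."""
    return all(pool_delta(a, rate_out, rate_in, round_out_up) >= 0 for a in amounts)

RATE = 1_058_000_000_000_000_000   # constructed rate-provider value (1.058)

if __name__ == "__main__":
    for amt in (17, 17 * ONE + 1):   # wei-level vs. normal-sized output
        d = pool_delta(amt, RATE, ONE, round_out_up=False)
        rel = float(-d / Fraction(amt * RATE, ONE))
        print(f"out={amt}: pool delta {float(d):+.3f}, relative loss {rel:.2e}")
    print("round down safe:", rounding_favors_pool(range(1, 1000), RATE, ONE, False))
    print("round up safe:  ", rounding_favors_pool(range(1, 1000), RATE, ONE, True))
```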

Parameters

  • Total Funds Drained → $128.64 million – The cumulative value lost across all affected Composable Stable Pools.
  • Vulnerability Type → Arithmetic Precision Loss – A subtle rounding error in the pool’s scaling function.
  • Affected Chains → Nine – The total number of networks where the vulnerable V2 pools were deployed, including Ethereum, Arbitrum, and Base.
  • Attack Method → Batched Micro-Swaps – The technique used to repeatedly compound the rounding error in a single, atomic transaction.

Outlook

Immediate mitigation requires all protocols leveraging Balancer V2’s Composable Stable Pool logic to halt and migrate funds to patched contracts, regardless of their pause window status. The primary second-order effect is a heightened contagion risk for all AMMs that utilize rate-augmented or complex integer arithmetic in their invariant calculations. This event will establish a new security best practice mandating formal verification specifically focused on boundary conditions and precision loss in low-liquidity, multi-component swap logic.

Verdict

This $128 million exploit confirms that the most critical vulnerabilities in DeFi are no longer simple reentrancy attacks, but complex, systemic logic flaws at the intersection of integer math, pool design, and multi-chain deployment.

Signal Acquired from → checkpoint.com

Micro Crypto News Feeds

composable stable pools

Definition ∞ Composable stable pools are liquidity pools in decentralized finance that consist of stablecoins and allow for flexible integration with other protocols.

invariant manipulation

Definition ∞ Invariant manipulation is a type of exploit where an attacker disrupts the fundamental mathematical relationships or rules designed to be constant within a smart contract or protocol.

composable stable pool

Definition ∞ A composable stable pool is a type of liquidity pool in decentralized finance designed to facilitate efficient swaps between various stablecoins while allowing for integration with other DeFi protocols.

precision loss

Definition ∞ Precision loss describes the reduction in accuracy of numerical values, often occurring during data processing or storage.

stable pools

Definition ∞ Stable pools are specialized liquidity pools within decentralized finance (DeFi) protocols designed for trading stablecoins or other assets that are pegged to the same value, such as different versions of wrapped Bitcoin.

rounding error

Definition ∞ A rounding error is a discrepancy that arises when representing a number with a finite number of digits during calculations.

atomic transaction

Definition ∞ An atomic transaction is a sequence of operations that either completely finishes or completely fails, leaving no partial results.

integer arithmetic

Definition ∞ Integer arithmetic involves mathematical operations performed exclusively on whole numbers, without fractions or decimal components.

multi-chain

Definition ∞ A multi-chain system refers to an architecture that supports multiple independent blockchain networks.