Briefing

An exploit has drained approximately $128.64 million from Balancer V2’s ComposableStablePools across six distinct blockchain networks. The incident was not an external compromise but an attack on a subtle flaw in the protocol’s core mathematical logic: a failure in invariant accounting allowed the attacker to artificially suppress the Balancer Pool Token (BPT) price and execute arbitrage operations that systematically extracted liquidity. The size of the loss underscores the risk posed by wei-level arithmetic rounding errors in high-value DeFi primitives.

Context

The prevailing attack surface for complex Automated Market Makers (AMMs) has shifted from simple reentrancy to highly calibrated economic and logic-based exploits. Despite Balancer V2’s battle-tested status and eleven prior security audits, the vulnerability was a mathematical edge case in the pool’s fixed-point arithmetic: Solidity integer division truncates, and the affected code rounded scaled balances downward. This class of flaw, which only becomes exploitable when token balances are driven to specific wei-level boundaries where a single truncated wei is a large fraction of the balance, had been underestimated in its potential for catastrophic, compounded value extraction.

Analysis

The attack targeted the _upscaleArray function of the ComposableStablePools, which scales raw token balances with downward rounding ( mulDown ) before they enter the invariant calculation. The attacker first conditioned the pools with micro-swaps that pushed token balances to the 8-9 wei rounding boundary, where truncating one wei removes more than a tenth of the balance. The resulting precision loss made the computed invariant (the D value) contract artificially, and with it the BPT price derived from it. The attacker then executed an atomic, 65-step batchSwap sequence against the suppressed price, minting undervalued BPT and immediately redeeming it for full-value underlying assets, draining the liquidity pools on every affected chain.

Parameters

  • Total Funds Lost → $128.64 Million – The estimated dollar value drained from ComposableStablePools across all networks.
  • Affected Protocol Version → Balancer V2 ComposableStablePools – The specific contract type containing the arithmetic precision flaw.
  • Attack Duration → Under 30 Minutes – The time required for the attacker to execute the multi-chain exploitation sequence.
  • Vulnerability Type → Arithmetic Precision Loss – The core technical flaw rooted in Solidity’s integer division and downward rounding logic.

Outlook

Immediate mitigation requires all protocols forked from or integrating Balancer V2’s Composable Stable Pool code to conduct an emergency review and either patch or pause the affected pools. This incident establishes a new security best practice: audits must move beyond traditional bug hunting to adversarial simulation of compounded precision loss and boundary-condition manipulation, including test cases that drive individual balances to single-digit wei and verify that every rounding step favours the pool. The contagion risk is high for any AMM using similar downward-rounding logic in its invariant calculations, so a systemic review of stable pool mathematics across the DeFi ecosystem is warranted.

The exploitation of a wei-level rounding error in a major AMM for over $128 million confirms that subtle mathematical flaws are the current high-value threat vector, demanding a thorough overhaul of how precision in smart contract arithmetic is reviewed and tested.

Tags: DeFi, Smart Contract, AMM, Stablecoin Pool, Liquidity Protocol, Blockchain Security, Multi-Chain Exploit, Token Vault, Invariant Math, Rounding Vulnerability, Security Audit, Batch Swap Logic, Code Flaw, Financial Primitive, Crypto Threat, Asset Management, Digital Asset Security, Precision Arithmetic, Protocol Logic, Economic Exploit

Signal Acquired from → checkpoint.com

Micro Crypto News Feeds