Briefing

The Balancer decentralized finance protocol has suffered a catastrophic multi-chain exploit, resulting in the unauthorized draining of more than $120 million from its V2 Composable Stable Pools. This systemic breach immediately compromised liquidity provider capital across multiple major networks, including Ethereum, Arbitrum, and Base, triggering a significant crisis of confidence in cross-chain DeFi security. The root cause was a precision rounding error in the batchSwap function’s upscale logic, which attackers leveraged to manipulate pool balances and extract value from the core vault. The event has already forced a critical emergency hard fork on a protocol utilizing the same codebase, demonstrating immediate contagion risk.


Context

The DeFi ecosystem’s security posture was already under heightened scrutiny due to the inherent complexity of integrating external Liquid Staking Tokens (LSTs) with internal vault accounting mechanisms. The prevailing attack surface centered on novel pool designs, like Balancer’s V2 Composable Stable Pools, where a single, subtle mathematical or logic flaw could be compounded by the multi-step nature of a batchSwap transaction. This class of vulnerability, specifically precision errors in invariant-based AMMs, has historically been difficult to detect even with multiple security audits, making it a known, high-severity risk factor.


Analysis

The attack vector specifically targeted a rounding error within the V2 Vault’s batchSwap feature, which permits users to bundle multiple swaps into a single, gas-efficient transaction. The threat actor created a malicious contract that exploited the incorrect rounding behavior in combination with the EXACT_OUT swap functionality. This allowed the attacker to manipulate the pool’s internal balances, effectively tricking the vault into registering an inaccurate, larger output for a given input. The final step involved withdrawing the illegitimately inflated internal balances, systematically draining Liquid Staking Tokens (LSTs) like osETH and wstETH from the pools across all interconnected chains.


Parameters

  • Total Funds Drained → $120 Million (Confirmed loss from V2 Vaults).
  • Root Cause → Precision Rounding Error (In batchSwap upscale function).
  • Affected Components → V2 Composable Stable Pools, Vault batchSwap feature.
  • Contagion Effect → Berachain Emergency Hard Fork (To fix a related vulnerability in its native BEX).


Outlook

Immediate mitigation requires all users to revoke token approvals granted to Balancer contracts on all affected chains to prevent further unauthorized fund movements. The systemic nature of this multi-chain exploit is expected to trigger a new wave of audits focusing specifically on the mathematical precision and invariant checks in complex AMM logic, particularly for functions that bundle transactions like batchSwap. This event establishes a new security best practice: protocols must implement more robust, redundant precision checks and formal verification of all internal accounting logic before multi-chain deployment.
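A precision check of the kind described above, as an added Python example (not Balancer's code): it compares an EXACT_OUT quote whose upscale rounds down with one that rounds up, and tests the property that the pool never loses value. The toy 1:1 pool, the function names and the scaling factors are assumptions constructed for illustration.

```python
from fractions import Fraction

ONE = 10**18  # 18-decimal fixed point

def mul_down(a, b):
    return a * b // ONE

def mul_up(a, b):
    return -((-a * b) // ONE)  # ceiling division

def div_up(a, b):
    return -((-a * ONE) // b)

def exact_out_quote(amount_out, f_in, f_out, upscale):
    """Raw input charged for an EXACT_OUT swap in a toy pool priced 1:1."""
    out_scaled = upscale(amount_out, f_out)  # raw -> internal units
    in_scaled = out_scaled                   # toy pricing, stands in for the real invariant
    return div_up(in_scaled, f_in)           # internal -> raw, rounded against the trader

def pool_delta(amount_in, amount_out, f_in, f_out):
    """Exact change in pool value in internal units; negative means the pool lost value."""
    return Fraction(amount_in * f_in - amount_out * f_out, ONE)

def worst_delta(upscale, f_in, f_out, amounts):
    """Smallest pool delta over all tested amounts (the property under test)."""
    return min(
        pool_delta(exact_out_quote(a, f_in, f_out, upscale), a, f_in, f_out)
        for a in amounts
    )

# Constructed scaling factors: a plain token and a rate-bearing token at 1.058.
F_IN = ONE
F_OUT = 1_058_000_000_000_000_000
AMOUNTS = range(1, 1000)  # small amounts, where truncation is a large share of the value

if __name__ == "__main__":
    for name, fn in (("round down", mul_down), ("round up", mul_up)):
        worst = worst_delta(fn, F_IN, F_OUT, AMOUNTS)
        verdict = "OK" if worst >= 0 else "FAIL: pool can lose value"
        print(f"upscale {name}: worst pool delta = {float(worst):+.3f} -> {verdict}")
```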

The Balancer V2 exploit represents a critical failure of complex smart contract architecture, underscoring the systemic risk of deploying intricate, multi-chain logic without absolute formal verification.

Signal Acquired from → beincrypto.com
