Balancer V2 Rounding Error Drains over $120 Million across Multi-Chain Pools ∞ Security

A macro view showcases a transparent, possibly polymer or glass, structure encasing vibrant blue, fluid-like formations that undulate around a central brushed metallic cylinder. The interplay of light on the clear material and the luminous blue creates a sense of dynamic movement and depth within the composition

A central metallic microchip, possibly an ASIC, is intricately connected by numerous white and blue strands. These strands represent data streams or transaction pathways, flowing into and out of the component

Briefing

The Balancer decentralized finance protocol has suffered a catastrophic multi-chain exploit, resulting in the unauthorized draining of more than $120 million from its V2 Composable Stable Pools. This systemic breach immediately compromised liquidity provider capital across multiple major networks, including Ethereum, Arbitrum, and Base, triggering a significant crisis of confidence in cross-chain DeFi security. The root cause was a precision rounding error in the batchSwap function’s upscale logic, which attackers leveraged to manipulate pool balances and extract value from the core vault. The event has already forced a critical emergency hard fork on a protocol utilizing the same codebase, demonstrating immediate contagion risk.

A visually striking abstract render features a complex, multi-faceted object composed of clear and deep blue crystalline fragments, centralizing around a core nexus. The intricate, reflective surfaces and sharp geometric edges create a sense of depth and precision against a soft grey background, with blurred elements hinting at a wider network

Context

The DeFi ecosystem’s security posture was already under heightened scrutiny due to the inherent complexity of integrating external Liquid Staking Tokens (LSTs) with internal vault accounting mechanisms. The prevailing attack surface centered on novel pool designs, like Balancer’s V2 Composable Stable Pools, where a single, subtle mathematical or logic flaw could be compounded by the multi-step nature of a batchSwap transaction. This class of vulnerability, specifically precision errors in invariant-based AMMs, has historically been difficult to detect even with multiple security audits, making it a known, high-severity risk factor.

A sophisticated, high-fidelity render showcases a modular mechanical assembly, predominantly white and blue, featuring a central cylindrical processing unit with a metallic shaft. Intricate blue wiring and paneling are visible beneath the white casing, suggesting advanced data processing capabilities

Analysis

The attack vector specifically targeted a rounding error within the V2 Vault’s batchSwap feature, which permits users to bundle multiple swaps into a single, gas-efficient transaction. The threat actor created a malicious contract that exploited the incorrect rounding behavior in combination with the EXACT_OUT swap functionality. This allowed the attacker to manipulate the pool’s internal balances, effectively tricking the vault into registering an inaccurate, larger output for a given input. The final step involved withdrawing the illegitimately inflated internal balances, systematically draining Liquid Staking Tokens (LSTs) like osETH and wstETH from the pools across all interconnected chains.

Smooth, abstract shapes in varying shades of blue and grey create a dynamic, fluid composition, featuring both matte and reflective surfaces. The central deep blue cavity provides a focal point, suggesting depth and internal processes within the interwoven forms

Parameters

Total Funds Drained ∞ $120 Million (Confirmed loss from V2 Vaults).
Root Cause ∞ Precision Rounding Error (In batchSwap upscale function).
Affected Components ∞ V2 Composable Stable Pools, Vault batchSwap feature.
Contagion Effect ∞ Berachain Emergency Hard Fork (To fix a related vulnerability in its native BEX).

The image features two sleek, white, modular cylindrical structures, appearing to connect or interact dynamically, with a bright blue energy core and translucent blue liquid splashes emanating from their interface. The mechanical components are partially submerged in or surrounded by the splashing liquid, suggesting active data transfer or energy flow

Outlook

Immediate mitigation requires all users to revoke token approvals granted to Balancer contracts on all affected chains to prevent further unauthorized fund movements. The systemic nature of this multi-chain exploit is expected to trigger a new wave of audits focusing specifically on the mathematical precision and invariant checks in complex AMM logic, particularly for functions that bundle transactions like batchSwap. This event establishes a new security best practice ∞ protocols must implement more robust, redundant precision checks and formal verification of all internal accounting logic before multi-chain deployment.

The Balancer V2 exploit represents a critical failure of complex smart contract architecture, underscoring the systemic risk of deploying intricate, multi-chain logic without absolute formal verification.

Precision rounding error, smart contract logic, batch swap vulnerability, invariant manipulation, multi-chain liquidity, staked derivative token, vault accounting flaw, DeFi systemic risk, asset withdrawal exploit, protocol governance, emergency hard fork, on-chain forensic, collateral drain, Ethereum Arbitrum Base, stable pool vulnerability Signal Acquired from ∞ beincrypto.com