Briefing

The Balancer decentralized finance protocol has suffered a catastrophic multi-chain exploit, resulting in the unauthorized draining of more than $120 million from its V2 Composable Stable Pools. This systemic breach immediately compromised liquidity provider capital across multiple major networks, including Ethereum, Arbitrum, and Base, triggering a significant crisis of confidence in cross-chain DeFi security. The root cause was a precision rounding error in the batchSwap function’s upscale logic, which attackers leveraged to manipulate pool balances and extract value from the core vault. The event has already forced a critical emergency hard fork on a protocol utilizing the same codebase, demonstrating immediate contagion risk.

Context

The DeFi ecosystem’s security posture was already under heightened scrutiny due to the inherent complexity of integrating external Liquid Staking Tokens (LSTs) with internal vault accounting mechanisms. The prevailing attack surface centered on novel pool designs, like Balancer’s V2 Composable Stable Pools, where a single, subtle mathematical or logic flaw could be compounded by the multi-step nature of a batchSwap transaction. This class of vulnerability, specifically precision errors in invariant-based AMMs, has historically been difficult to detect even with multiple security audits, making it a known, high-severity risk factor.

Analysis

The attack vector specifically targeted a rounding error within the V2 Vault’s batchSwap feature, which permits users to bundle multiple swaps into a single, gas-efficient transaction. The threat actor created a malicious contract that exploited the incorrect rounding behavior in combination with the EXACT_OUT swap functionality. This allowed the attacker to manipulate the pool’s internal balances, effectively tricking the vault into registering an inaccurate, larger output for a given input. The final step involved withdrawing the illegitimately inflated internal balances, systematically draining Liquid Staking Tokens (LSTs) like osETH and wstETH from the pools across all interconnected chains.
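The effect of rounding direction in an upscale step on an EXACT_OUT quote can be shown with a toy model. This is an added example, not Balancer's code or its stable-pool math: the 1:1 pricing, the sample rates and all function names are assumptions made for illustration.

```python
# Toy model, constructed for illustration; not Balancer's code or pool math.
ONE = 10**18  # 18-decimal fixed point


def mul_down(a, b):
    """Fixed-point multiply, rounding toward zero."""
    return a * b // ONE


def mul_up(a, b):
    """Fixed-point multiply, rounding up (ceiling)."""
    return -((-a * b) // ONE)


def div_up(a, b):
    """Fixed-point divide, rounding up (ceiling)."""
    return -((-a * ONE) // b)


def quote_exact_out(amount_out, rate_in, rate_out, upscale):
    """Token-in charged for an exact token-out amount (assumed 1:1 pricing)."""
    scaled_out = upscale(amount_out, rate_out)  # raw units -> internal units
    scaled_in = scaled_out                      # assumption: flat 1:1 price
    return div_up(scaled_in, rate_in)           # downscale, rounded against the trader


def pool_value_delta(amount_in, amount_out, rate_in, rate_out):
    """Exact change in pool value (internal units times ONE), with no rounding."""
    return amount_in * rate_in - amount_out * rate_out


def find_leaks(upscale, rate_in, rate_out, max_out):
    """Every amount_out in 1..max_out whose quote leaves the pool worse off."""
    leaks = []
    for amount_out in range(1, max_out + 1):
        amount_in = quote_exact_out(amount_out, rate_in, rate_out, upscale)
        if pool_value_delta(amount_in, amount_out, rate_in, rate_out) < 0:
            leaks.append(amount_out)
    return leaks


# Constructed sample rates (hypothetical LST rate-provider values).
RATE_IN = 102 * ONE // 100
RATE_OUT = 105 * ONE // 100

if __name__ == "__main__":
    print("round-down upscale leaks:", len(find_leaks(mul_down, RATE_IN, RATE_OUT, 1000)))
    print("round-up upscale leaks:  ", len(find_leaks(mul_up, RATE_IN, RATE_OUT, 1000)))
```

Each leaking quote in this model loses less than one internal unit, so the property check (pool value never decreases across a quote) is what exposes the wrong rounding direction, not the size of any single swap.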

Parameters

  • Total Funds Drained → $120 Million (Confirmed loss from V2 Vaults).
  • Root Cause → Precision Rounding Error (In batchSwap upscale function).
  • Affected Components → V2 Composable Stable Pools, Vault batchSwap feature.
  • Contagion Effect → Berachain Emergency Hard Fork (To fix a related vulnerability in its native BEX).

Outlook

Immediate mitigation requires all users to revoke token approvals granted to Balancer contracts on all affected chains to prevent further unauthorized fund movements. The systemic nature of this multi-chain exploit is expected to trigger a new wave of audits focusing specifically on the mathematical precision and invariant checks in complex AMM logic, particularly for functions that bundle transactions like batchSwap. This event establishes a new security best practice: protocols must implement more robust, redundant precision checks and formal verification of all internal accounting logic before multi-chain deployment.

The Balancer V2 exploit represents a critical failure of complex smart contract architecture, underscoring the systemic risk of deploying intricate, multi-chain logic without absolute formal verification.

Signal Acquired from → beincrypto.com
