Briefing

The Balancer V2 protocol suffered a catastrophic economic exploit on November 3, 2025, resulting in the loss of over $120 million across multiple EVM chains. The primary consequence was the systemic failure of the Composable Stable Pools, which allowed an attacker to systematically drain liquidity provider assets. This sophisticated attack was rooted in a subtle rounding inconsistency within the pool’s core invariant calculation logic, which was compounded through repeated, atomic batchSwap operations. The total quantified loss is estimated at $128.64 million, making it one of the largest DeFi breaches of the year.

Context

The prevailing risk in complex DeFi protocols remains the interaction between high-precision math and the integer-only environment of the Ethereum Virtual Machine (EVM). This incident is a direct consequence of a known class of vulnerability where tiny, wei-level rounding discrepancies in pool invariant calculations can be weaponized. The protocol’s architecture, which treats Balancer Pool Tokens (BPT) as a tradable asset within the pool, amplified the attack surface by allowing the attacker to manipulate liquidity to a critical low-balance state.

Analysis

The attacker’s method hinged on manipulating the pool into a low-liquidity state, which magnified the impact of a precision loss bug in the _upscale function. This specific flaw created an asymmetry in rounding direction during the invariant (D) calculation, causing a systematic undervaluation of the Balancer Pool Token (BPT). By executing a sequence of carefully calibrated micro-swaps within a single, atomic batchSwap transaction, the attacker repeatedly exploited this mathematical bias. This compounded the rounding errors, quietly reducing the pool invariant and allowing the attacker to withdraw more underlying assets than they deposited.
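
An added example (not from the original briefing and not Balancer's code) showing why a one-wei rounding gap in upscaling is negligible in a deep pool but material at low balances, and how an auditor can bound its cumulative effect over chained operations. The toy constant-sum invariant, scaling factor, balances, step count and tolerance are all constructed assumptions.

```python
"""Toy fixed-point model of upscaling error (constructed; not Balancer's code)."""

ONE = 10**18  # 18-decimal fixed-point unit, as is conventional on the EVM

# Constructed scaling factors: a yield-bearing token at ~1.058 and a plain token at 1.0.
FACTORS = [1_058_132_408_689_971_699, ONE]


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply that truncates, like EVM integer division."""
    return a * b // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply that rounds up (ceiling division)."""
    return -(-(a * b) // ONE)


def invariant_bounds(raw_balances, factors):
    """Lower and upper bound of a toy constant-sum invariant over upscaled balances."""
    lo = sum(mul_down(b, f) for b, f in zip(raw_balances, factors))
    hi = sum(mul_up(b, f) for b, f in zip(raw_balances, factors))
    return lo, hi


def rounding_gap_ppm(raw_balances, factors) -> int:
    """Rounding uncertainty of the invariant, in parts per million of its upper bound."""
    lo, hi = invariant_bounds(raw_balances, factors)
    return 0 if hi == 0 else (hi - lo) * 1_000_000 // hi


def worst_case_drift_ppm(raw_balances, factors, steps: int) -> int:
    """First-order bound: every chained step re-rounds in the same direction."""
    return steps * rounding_gap_ppm(raw_balances, factors)


def audit_flag(raw_balances, factors, steps: int, tolerance_ppm: int = 1) -> bool:
    """True when cumulative rounding drift over a batch could exceed the tolerance."""
    return worst_case_drift_ppm(raw_balances, factors, steps) > tolerance_ppm


if __name__ == "__main__":
    deep = [10**24 + 7, 10**24 + 3]   # constructed deep-liquidity balances (wei)
    low = [9_000, 11_000]             # constructed near-empty balances (wei)
    for name, pool in (("deep", deep), ("low", low)):
        print(name, rounding_gap_ppm(pool, FACTORS),
              worst_case_drift_ppm(pool, FACTORS, 50), audit_flag(pool, FACTORS, 50))
```

The absolute gap is one wei in both pools; only the relative size changes, which is why single-swap tests on healthy balances do not surface the problem.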

Parameters

  • Total Funds Lost → $128.64 Million (The total value drained from the Composable Stable Pools across all affected networks).
  • Attack Vector → Rounding Inconsistency (A logic flaw in the pool’s invariant math that caused systematic precision loss).
  • Affected Chains → Ethereum, Arbitrum, Base, Polygon (The primary EVM networks targeted by the multi-chain exploit).
  • Funds Recovered → $45.7 Million (Assets protected or recovered through coordinated whitehat and emergency actions).

Outlook

Immediate mitigation for users involves withdrawing from all remaining Balancer V2 Composable Stable Pools that were not paused. This incident establishes a new security baseline: future audits must focus intensely on the cumulative effects of precision loss in batched and chained operations, moving beyond single-swap correctness. Contagion risk is high for all protocols that fork Balancer V2 or rely on similar stable pool invariant math; these require immediate code review and emergency pausing.

Verdict

The Balancer V2 exploit serves as a definitive case study that a single, subtle mathematical rounding error, when weaponized by advanced batching logic, can translate into a nine-figure systemic failure.

Signal Acquired from → openzeppelin.com