The attack on Balancer V2 involved exploiting arithmetic precision loss in the ComposableStablePool contracts, allowing the attacker to drain over $128 million within 30 minutes. By leveraging a rounding error vulnerability, the attacker executed over 65 micro-swaps that compounded these losses, drastically impacting the prices of Balancer Pool Tokens (BPT).
The exploit utilized a multi-stage process, starting with adjusting token balances to reach critical rounding limits. Subsequent swaps triggered precision losses which further lowered the BPT prices, enabling the attacker to mint or purchase BPT at artificially suppressed rates, then redeem them for underlying assets at their full value. Upon successful execution of the contract, the exploit contract was able to withdraw the amassed funds, leaving a significant loss for the affected liquidity pools.
👉 Pročitaj original: Check Point Research
