Scan to download
Home Flash
Calendar
BTC $66,863.80 -1.88%
ETH $1,968.20 -2.65%
BNB $606.36 -2.84%
XRP $1.42 -4.80%
SOL $81.73 -4.59%
TRX $0.2794 -0.62%
DOGE $0.0973 -4.20%
ADA $0.2735 -4.22%
BCH $556.85 -1.71%
LINK $8.61 -3.59%
HYPE $28.92 -2.57%
AAVE $122.36 -3.93%
SUI $0.9118 -7.08%
XLM $0.1603 -4.92%
ZEC $260.12 -10.78%
BTC $66,863.80 -1.88%
ETH $1,968.20 -2.65%
BNB $606.36 -2.84%
XRP $1.42 -4.80%
SOL $81.73 -4.59%
TRX $0.2794 -0.62%
DOGE $0.0973 -4.20%
ADA $0.2735 -4.22%
BCH $556.85 -1.71%
LINK $8.61 -3.59%
HYPE $28.92 -2.57%
AAVE $122.36 -3.93%
SUI $0.9118 -7.08%
XLM $0.1603 -4.92%
ZEC $260.12 -10.78%
Home
Article
Flash
Specials
Columns
ETF
Knowledge Base
Calendar
Activity
Tools

Balancer Hacked: $120M Vulnerability Technical Analysis

ExVul Security
2025-11-04 13:15:53
Collection
On November 3, 2025, the Balancer protocol suffered a hacker attack on multiple public chains including Arbitrum and Ethereum, resulting in a loss of $120 million in assets. The core of the attack stemmed from a dual vulnerability involving precision loss and invariant manipulation. The key issue of this attack lay in the protocol's logic for handling small transactions.

Preface

On November 3, 2025, the Balancer protocol suffered a hacker attack across multiple blockchains including Arbitrum and Ethereum, resulting in a loss of $120 million in assets. The core of the attack stemmed from a dual vulnerability involving precision loss and manipulation of the invariant.

The key issue of this attack lies in the protocol's logic for handling small transactions. When users perform small amount swaps, the protocol calls the _upscaleArray function, which uses mulDown for rounding down the values. If the balance in the transaction and the input amount are both at specific rounding boundaries (for example, in the 8-9 wei range), it can lead to significant relative precision errors.

The precision error propagates into the calculation of the protocol's invariant value D, causing the D value to be abnormally reduced. The fluctuation of D directly lowers the price of BPT (Balancer Pool Token) in the Balancer protocol, allowing the hacker to exploit this depressed BPT price through a pre-designed trading path, ultimately resulting in massive asset losses.

Vulnerability exploit Tx:

https://etherscan.io/tx/0x6ed07db1a9fe5c0794d44cd36081d6a6df103fab868cdd75d581e3bd23bc9742

Asset transfer Tx:

https://etherscan.io/tx/0xd155207261712c35fa3d472ed1e51bfcd816e616dd4f517fa5959836f5b48569

Technical Analysis

Attack Entry Point

The entry point of the attack is the Balancer: Vault contract, with the corresponding entry function being batchSwap, which internally calls onSwap for token exchanges.

From the function parameters and constraints, several pieces of information can be gathered:

  1. The attacker needs to call this function through the Vault and cannot call it directly.

  2. The function internally calls _scalingFactors() to obtain scaling factors for scaling operations.

  3. The scaling operations are concentrated in _swapGivenIn or _swapGivenOut.

Attack Mode Analysis

BPT Price Calculation Mechanism :

In Balancer's stable pool model, the BPT price is an important reference that determines how much BPT a user receives and how much asset each BPT gets.

Where D = invariant, derived from Curve's StableSwap model.

In the pool's exchange calculation:

The part that acts as the BPT price benchmark is the invariant D, meaning that to manipulate the BPT price, one needs to manipulate D. The following analyzes the calculation process of D:

In the above code, the calculation process of D relies on the scaled balances array. In other words, an operation is needed to change the precision of these balances, leading to incorrect D calculations.

Root Cause of Precision Loss:

Scaling Operation:

As shown above, when using _upscaleArray, if the balance is very small (like 8-9 wei), the rounding down by mulDown can lead to significant precision loss.

Detailed Attack Process

These exchanges occur within the same batchSwap transaction, sharing the same balance state, but each swap calls _upscaleArray to modify the balances array.

Lack of Callback Mechanism

The main process is initiated by the Vault; how does it lead to the accumulation of precision loss? The answer lies in the balance array's transmission mechanism.

Analyzing the above code, although a new currentBalances array is created each time onSwap is called, in the Batch Swap:

  1. After the first swap, the balance is updated (but due to precision loss, the updated value may be inaccurate).

  2. The second swap continues to calculate based on the result of the first.

  3. The precision loss accumulates, ultimately causing the invariant D to significantly decrease.

Key Issues:

Although the Vault passes in a new array each time:

  1. If the balance is very small (8-9 wei), the precision loss during scaling is significant.
  2. In the Batch Swap, subsequent swaps continue to calculate based on the already lost precision balances.
  3. There is no verification of whether the changes in invariant D are within a reasonable range.

Conclusion

The attack on Balancer can be summarized by the following reasons:

  1. Scaling function uses rounding down: _upscaleArray uses mulDown for scaling, which can cause significant relative precision loss when the balance is very small (like 8-9 wei).

  2. Invariant calculation is sensitive to precision: The calculation of invariant D relies on the scaled balances array, and precision loss directly propagates into the calculation of D, making D smaller.

  3. Lack of verification for invariant changes: During the exchange process, there was no verification of whether the changes in invariant D were within a reasonable range, allowing attackers to repeatedly exploit precision loss to depress BPT prices.

  4. Accumulation of precision loss in Batch Swap: In the same batch swap, the precision loss from multiple exchanges accumulates, ultimately amplifying into massive financial losses.

These two issues—precision loss and lack of verification—combined with the attacker’s careful design of boundary conditions, led to this loss.

Related tags
Balancer DeFi Security
warnning Risk warning
ExVul Security

ExVul Security

ExVul is a leading Web3 security company composed of top security experts from around the world.
Pharos Ecological Security Guide: Full-Link Risk Control for RWA Asset Integration
Pharos Ecological Security Guide: Full-Link Risk Control for RWA Asset Integration
The top trading bot Polycule on Polymarket was attacked, how prediction market projects should enhance security measures
The top trading bot Polycule on Polymarket was attacked, how prediction market projects should enhance security measures
Related tags
Balancer DeFi Security
Related reading
Fintech vs. DeFi: Which financial system is more competitive?

Fintech vs. DeFi: Which financial system is more competitive?

ChainCatcher Hong Kong Themed Forum Highlights: Industry Leaders Gather to Discuss Market Opportunities and Growth Paths in the New Cycle

ChainCatcher Hong Kong Themed Forum Highlights: Industry Leaders Gather to Discuss Market Opportunities and Growth Paths in the New Cycle

USDD and Morpho launch a 30-day incentive campaign: Share a reward of 30,000 USDD with a maximum additional subsidy of 2%

USDD and Morpho launch a 30-day incentive campaign: Share a reward of 30,000 USDD with a maximum additional subsidy of 2%

Huobi HTX launches USDe minting and redemption services, and introduces daily rewards for USDe holders

Huobi HTX launches USDe minting and redemption services, and introduces daily rewards for USDe holders

Copyright © 2023
About Us
Media Kit
Apply column
Privacy Policy
Disclaimer
API
Hiring
Qiong ICP No. 2021009392
Qiong ICP No. 2021009392
app_icon
ChainCatcher Building the Web3 world with innovations.