BlockSec Phalcon: The recent Balancer Hacker attack method is highly complex.


According to Foresight News, BlockSec Phalcon monitoring has reported that several projects based on Balancer were attacked a few hours ago, resulting in losses exceeding $120 million. This is a highly complex attack method. Preliminary analysis shows that the fundamental cause of the attack was the manipulation of the invariant, which distorted the BPT price calculation, allowing the attacker to profit from a single batch swap in a specific stable pool. For example, in an attack transaction on Arbitrum, the batch swap operation can be divided into three stages:

1. The attacker swaps BPT for the underlying asset to precisely adjust the balance of one token (cbETH) to the edge of the rounding boundary (amount = 9), laying the groundwork for the precision loss in the next step.
2. The attacker then uses a specific amount (= 8) to swap between another underlying asset (wstETH) and cbETH. Due to rounding down when scaling the token amount, the calculated Δx slightly decreases (from 8.918 to 8), causing Δy to be underestimated and thereby reducing the invariant (D in Curve's StableSwap model). Since BPT price = D / totalSupply, the BPT price is artificially depressed.
3. The attacker reverses the swap of the underlying asset back to BPT, profiting from the depressed BPT price while restoring the balance.
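To make the invariant-and-rounding mechanism concrete, the following Python is an added illustration (it is not code from the report, from BlockSec, or from Balancer). It solves the Curve StableSwap invariant D with the standard Newton iteration, scales raw balances into pool units once exactly and once with floor rounding, and shows how the rounded D (and hence the D / totalSupply price) is understated when a balance sits at the rounding boundary but not when balances are large. The raw balances, scaling factor, amplification coefficient, total supply and the `flag_invariant_understatement` monitoring check are all constructed for this example; only the numbers 8.918, 8 and 9 come from the report.

```python
def stableswap_d(balances, amp, max_iter=256, tol=1e-12):
    """Curve StableSwap invariant D, solved with the Newton iteration used by
    StableSwap-style pools:
        A*n^n*S + D = A*D*n^n + D^(n+1) / (n^n * prod(x_i))
    `balances` are already-scaled pool-unit values (floats)."""
    n = len(balances)
    s = sum(balances)
    if s == 0:
        return 0.0
    ann = amp * n ** n          # A * n^n
    d = s                       # initial guess: sum of balances
    for _ in range(max_iter):
        d_p = d
        for x in balances:      # D_P = D^(n+1) / (n^n * prod(x_i))
            d_p = d_p * d / (n * x)
        d_prev = d
        d = (ann * s + n * d_p) * d / ((ann - 1) * d + (n + 1) * d_p)
        if abs(d - d_prev) < tol:
            break
    return d


def scale_balances(raw_balances, scale, round_down=True):
    """Convert raw token units into pool units by dividing by `scale`.
    round_down=True mimics integer (floor) division inside a pool;
    round_down=False keeps the exact quotient for comparison."""
    if round_down:
        return [float(raw // scale) for raw in raw_balances]
    return [raw / scale for raw in raw_balances]


def bpt_price(balances, amp, total_supply):
    """Pool-token price as stated in the report: D / totalSupply."""
    return stableswap_d(balances, amp) / total_supply


def invariant_drift(raw_balances, scale, amp):
    """Compare D computed from floor-scaled balances with D from exact balances.
    Returns (d_floor, d_exact, relative_drift); drift > 0 means the
    rounded D understates the invariant implied by the true balances."""
    d_floor = stableswap_d(scale_balances(raw_balances, scale, True), amp)
    d_exact = stableswap_d(scale_balances(raw_balances, scale, False), amp)
    return d_floor, d_exact, (d_exact - d_floor) / d_exact


def flag_invariant_understatement(raw_balances, scale, amp, tolerance=1e-6):
    """Constructed monitoring check (hypothetical, not a Balancer API):
    flag a pool state whose rounded D is understated by more than `tolerance`."""
    _, _, drift = invariant_drift(raw_balances, scale, amp)
    return drift > tolerance


if __name__ == "__main__":
    AMP = 200            # constructed amplification coefficient
    SCALE = 1000         # constructed raw-unit -> pool-unit scaling factor

    # Constructed "boundary" state: raw 8918 and 9000 scale exactly to
    # 8.918 and 9.0, but floor-scale to 8 and 9 (the report's 8.918 -> 8).
    tiny = [8918, 9000]
    d_floor, d_exact, drift = invariant_drift(tiny, SCALE, AMP)
    print(f"tiny balances: D_floor={d_floor:.4f} D_exact={d_exact:.4f} "
          f"drift={drift:.2%} flagged={flag_invariant_understatement(tiny, SCALE, AMP)}")

    # Same pool with large balances: floor and exact scaling agree, no drift.
    large = [8_918_000, 9_000_000]
    d_floor, d_exact, drift = invariant_drift(large, SCALE, AMP)
    print(f"large balances: D_floor={d_floor:.4f} D_exact={d_exact:.4f} "
          f"drift={drift:.2%} flagged={flag_invariant_understatement(large, SCALE, AMP)}")
```

Running the script shows a roughly 5% understatement of D (and so of the D / totalSupply price) for the boundary state and zero drift for the large-balance state, which is why a balance deliberately parked at a rounding edge is the signal a monitor should care about: recomputing D from exact balances and comparing it with the pool's rounded D is a cheap invariant-consistency check that would surface this class of precision loss.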
