Rewards Hub Balancer has identified a vulnerability in its V2 Composable Stable Pools that led to a recent exploit. The issue arose from the upscale function's rounding logic in the EXACT_OUT path, which introduced a precision error when the scaling factor was non-integer. Attackers exploited this flaw in conjunction with the batchSwap's deferred settlement mechanism, which allows temporary borrowing of assets during transactions. Additionally, the design treating BPT as a regular token enabled bypassing minimum pool share restrictions, reducing pool liquidity to minimal levels. This allowed the manipulation of pool balances and extraction of funds.
Balancer Exploit Exploits Precision Error in V2 Composable Stable Pools
Disclaimer: The content provided on Phemex News is for informational purposes only. We do not guarantee the quality, accuracy, or completeness of the information sourced from third-party articles. The content on this page does not constitute financial or investment advice. We strongly encourage you to conduct you own research and consult with a qualified financial advisor before making any investment decisions.