Balancer Hacks: Root Cause and Loss Analysis

  • Flashloan Borrow: The bad actor borrowed a flash loan (104,331 WETH) from dYdX.
  • STA Depletion: With the borrowed WETH, the bad actor performed a flurry of swaps to deplete almost all STA tokens owned by a Balancer pool. Note that STA is a deflationary token that charges 1% on every token transfer. The result of the STA depletion is that only 1e-18 STA was left in the pool.
  • Exploitation for Profit: The bad actor exploited the flawed handling of STA in Balancer and stole pool assets valued at approximately $523,616.52.
  • Flashloan Repay: Finally, the bad actor repaid the dYdX flash loan and walked away with the stolen assets.
Figure 1: Balancer Hack Breakdown

Step 1: Flashloan Borrow

This step takes advantage of the dYdX flash loan feature to borrow 104,331 ETH. This part is already well known and we will not go into the details.

Step 1: The Flash Loan Borrowing WETH From dYdX

Step 2: STA Depletion

In this step, the bad actor performed multiple swapExactAmountIn() calls within the same transaction to drain the STA balance of the attacked Balancer pool. We note that swapExactAmountIn() caps the input amount of a single swap at inRecord.balance * MAX_IN_RATIO. The hacker calculated this limit and swapped the maximum allowed amount of WETH for STA in a flurry of operations as follows:

Step 2: Instant STA Depletion (Part I)
Step 2: Instant STA Depletion (Part II)

Step 3: Exploitation for Profit

After the previous two steps, this step exploited the vulnerability to steal the pool assets.

Step 3: Exploitation for Profit (Part I)
Step 3: Exploitation for Profit (Part I — continued)
Step 3: Exploitation for Profit (Part II: gulp resets internal records of STA balance)
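The accounting mismatch behind Steps 2 and 3, as an added Python simulation that is not part of PeckShield's write-up or Balancer's code: a constructed 1%-burn token, a pool record that credits the claimed input (the flawed path) beside one that credits only the measured balance change (the hardened path), the MAX_IN_RATIO cap on a single swap, and gulp() re-syncing the record to the real balance. All names and balances are constructed; only the 1/2 ratio is Balancer V1's constant.

```python
# Constructed simulation (not Balancer's code): pool bookkeeping vs. a 1%-burn token.
MAX_IN_RATIO = 0.5   # Balancer V1 caps one swap's input at half the recorded balance
FEE_BPS = 100        # the deflationary token burns 1% (100 bps) of every transfer


class FeeOnTransferToken:
    """Stand-in for STA: the receiver is credited 1% less than the sender sends."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, who):
        return self.balances.get(who, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        burned = amount * FEE_BPS // 10_000
        self.balances[dst] = self.balance_of(dst) + amount - burned


class PoolRecord:
    """One token's pool-side record. trust_input=True mirrors the flawed assumption
    that the full tokenAmountIn arrives; False credits only the measured balance change."""

    def __init__(self, token, trust_input):
        self.token = token
        self.record = token.balance_of("pool")   # record starts in sync with reality
        self.trust_input = trust_input

    def max_in(self):
        return int(self.record * MAX_IN_RATIO)

    def swap_in(self, sender, amount_in):
        if amount_in > self.max_in():
            raise ValueError("ERR_MAX_IN_RATIO")
        before = self.token.balance_of("pool")
        self.token.transfer(sender, "pool", amount_in)
        received = self.token.balance_of("pool") - before
        self.record += amount_in if self.trust_input else received
        return received

    def drift(self):
        """Recorded minus actual balance; non-zero means swaps are priced on phantom STA."""
        return self.record - self.token.balance_of("pool")

    def gulp(self):
        """Balancer's gulp(): overwrite the record with the actual token balance."""
        self.record = self.token.balance_of("pool")
```

A pool that measures the balance delta keeps drift() at zero, while the flawed record overstates the pool's STA by 1% of every deposit until someone calls gulp().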

Step 4: Flashloan Repay

The final step repaid the flashloan back to dYdX.

Step 4: Repay dYdX Loan

Mitigation

This incident highlights the challenges posed by DeFi composability, which can create less obvious incompatibilities with deflationary tokens. It also recalls earlier incidents that exposed the incompatibility of ERC777 tokens. We expect such incompatibilities will continue to exist and that there is no easy solution.

Aftermath

The Balancer hack will likely not be the last incident of its kind. In the following, we tabulate the losses across the various assets in this incident:

About us

PeckShield Inc. is an industry-leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us via telegram, twitter, or email.
