Balancer Hacks: Root Cause and Loss Analysis

  • Flashloan Borrow: The bad actor borrowed a flash loan (104,331 WETH) from dYdX.
  • STA Depletion: With the borrowed WETH, the bad actor performed a flurry of swaps to deplete almost all STA tokens owned by a Balancer pool. Note that STA is a deflationary token that charges a 1% fee on every token transfer. The result of the STA depletion is that only 1e-18 STA is left in the pool.
  • Exploitation for Profit: The bad actor exploited the flawed handling of STA in Balancer and stole pool assets valued at approximately $523,616.52.
  • Flashloan Repay: Finally, the bad actor repaid the dYdX flash loan and walked away with the stolen assets.
Figure 1: Balancer Hack Breakdown
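The accounting gap behind the "flawed handling of STA" can be shown with a small model. This is an added example, not code from the original post, Balancer or STA: `DeflationaryToken`, `Pool`, `credit_actual` and `drift` are hypothetical names, and the only figure taken from the page is the 1% transfer fee. It contrasts a pool that credits the amount the sender named with one that credits the measured balance delta, and exposes the recorded-versus-real difference as an invariant to monitor.

```python
# Added example: simplified model with hypothetical names, not Balancer/STA code.
FEE_BPS = 100  # 1% fee on every transfer, the figure the page gives for STA


class DeflationaryToken:
    """Toy token in integer base units; burns FEE_BPS of every transfer."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def balance_of(self, owner):
        return self.balances.get(owner, 0)

    def transfer(self, src, dst, amount):
        if self.balance_of(src) < amount:
            raise ValueError("insufficient balance")
        fee = amount * FEE_BPS // 10_000
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount - fee


class Pool:
    """Hypothetical pool that keeps its own record of its token balance."""

    def __init__(self, token, credit_actual):
        self.token = token
        self.credit_actual = credit_actual
        self.recorded = 0

    def deposit(self, sender, amount):
        before = self.token.balance_of(self)
        self.token.transfer(sender, self, amount)
        received = self.token.balance_of(self) - before
        # Flawed: trust the amount the sender named. Hardened: trust the delta.
        self.recorded += received if self.credit_actual else amount
        return received

    def drift(self):
        """Recorded minus real balance; nonzero means unbacked records."""
        return self.recorded - self.token.balance_of(self)


def run(credit_actual, deposits=(1_000_000, 250_000, 10_000)):
    # Constructed sample deposits, in base units.
    token = DeflationaryToken({"lp": sum(deposits)})
    pool = Pool(token, credit_actual)
    for amount in deposits:
        pool.deposit("lp", amount)
    return pool.recorded, token.balance_of(pool), pool.drift()
```

A pool that lists arbitrary tokens can run the same before/after comparison as an admission check, rejecting any token whose transfer delivers less than the amount requested.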

Step 1: Flashloan Borrow

Step 1: The Flash Loan Borrowing WETH From dYdX

Step 2: STA Depletion

Step 2: Instant STA Depletion (Part I)
Step 2: Instant STA Depletion (Part II)

Step 3: Exploitation for Profit

Step 3: Exploitation for Profit (Part I)
Step 3: Exploitation for Profit (Part I — continued)
Step 3: Exploitation for Profit (Part II: gulp resets internal records of STA balance)

Step 4: Flashloan Repay

Step 4: Repay dYdX Loan

Mitigation

Aftermath

About us


A Blockchain Security Company (https://peckshield.com)
