BALANCER

DESCRIPTION OF EVENTS

"Automated portfolio manager and trading platform. Put your cryptoassets to work and get the best prices for trades." "Balancer is a community-driven protocol, automated portfolio manager, liquidity provider, and price sensor that empowers decentralized exchange and the automated portfolio management of tokens on the Ethereum blockchain and other EVM compatible systems."

"Balancer turns the concept of an index fund on its head: instead of paying fees to portfolio managers to rebalance your portfolio, you collect fees from traders who rebalance your portfolio by following arbitrage opportunities." "Balancer Pools contains two or more tokens that traders can swap between. Liquidity Providers put their tokens in the pools in order to collect swap fees." "Balancer adopts powerful features to slash gas costs, super-charge capital efficiency, unlock arbitrage with zero-token starting capital, and open the door to custom AMMs."

"Balancer enables efficient trading by pooling crowdsourced liquidity from investor portfolios and using its Smart Order Router to find traders the best available price. Exchange any combination of ERC-20 tokens permissionlessly, with ease." "The Balancer Protocol is a core building block of DeFi infrastructure—a unique financial primitive and permissionless development platform. Balancer is the most flexible and versatile Automated Market Maker, giving developers unprecedented customizability."

As of June 3rd, there were "153 pools with over $10.2M total liquidity."

"Started at 06:03:11 PM +UTC, Jun-28-2020, the DeFi platform, Balancer, was attacked by exploiting its flawed handling of ERC20 deflationary tokens." "Balancer Pool admitted early [on June 29th, 2020] it had fallen victim to a sophisticated hack that exploited a loophole, tricking the protocol into releasing $500,000 worth of tokens." "The hacker made off with around 601 ether, 11 wrapped bitcoin (WBTC), 22,600 chainlink (LINK), and 61,000 synthetix (SNX)" "Technically, the main logic behind the incident is the incompatibility between Balancer and deflationary tokens, which is then misused by the attacker to create skewed STA/STONK pools states and make profits from that."

"[T]he transaction begins with a flash loan from dYdX for 104,000 ETH, or about $23 million." "The exploit relied on Statera (STA), a deflationary token where 1% of every transaction is automatically burned. Balancer’s smart contracts seem to have failed to account for this, thus expecting that each transaction would be for the full amount." "The hacker exploited this by exchanging back and forth between Statera and Ether 24 times. At each step, the STA balance available to the contract diminished by 1%, but the smart contract did not account for this. Thus, the price of STA remained stable despite the dwindling supply." "[A]t the end of this procedure the attacker called a function that updated the price based on the effective pool balance. Since the STA side was empty, it was suddenly priced at a huge premium." "The hacker used a “weiSTA,” or one billionth of a token, to swap for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burn mechanism, the weiSTA was never actually exchanged, which allowed the hacker to perform the transfer multiple times until all STA pools were dried." "They then exchanged the remainder of the STA to Balancer Pool tokens and cashed them out to Ether with Uniswap."

"The attack vector is quite simple. Balancer pools were not designed with deflationary tokens (like Statera and STONK) in mind. Specifically, these kinds of tokens include a transferFee that are assessed whenever transfer() or transferFrom() functions are called to move funds. For example, transferring 100 Statera tokens into a Balancer pool would result in only 99 tokens being added to the pool since 1 token would be burned in the process."

"The key difference between Balancer and Uniswap, which handles these tokens correctly, is that a Balancer Pool contract does not double check its actual token balance before performing a swap. Instead, it assumes a successful transferFrom() call with 100 erc20 tokens will result in its token balance increasing by that exact amount, 100 tokens, and stores this value in a storage variable called _records[address]. This causes _records[address] to be inaccurate when dealing with deflationary tokens."

"Balancer pools also include a function called gulp() which can be called to update the stored token balance in _records[address] to the actual value. This function was intended to be used for inflationary tokens but actually represents an attack vector when used with deflationary tokens."

"The Balancer team is being accused by a security researcher and the STA team for ignoring a bug report submitted almost two months before. Balancer’s CTO, Mike McDonald, confirmed the existence of the report, claiming that the issue outlined in it was essentially unexploitable and blaming flash loans for the incident. It is worth noting that any exploit made possible by a flash loan is also vulnerable to hackers with significant funds." “The only warning they have is on their website which suggests that the project is in beta and all funds are at risk.” "The hacker’s identity remains a mystery but analysts at 1inch exchange, a decentralized exchange aggregator, said the hacker had covered their tracks well: The ether used to pay transaction fees and deploy smart contracts was laundered through Tornado Cash, an Ethereum-based mixer service."

"“The person behind this attack was [a] very sophisticated smart contract engineer with extensive knowledge and understanding of the leading DeFi protocols,” 1inch said in its blog post on the breach." "“We deeply regret, apologize and sincerely extend our condolences to all the victims of this attack,” Statera said in an official announcement." The CTO posts that they "will begin adding transfer fee tokens to the UI blacklist similarly to what we have done for no bool transfer tokens. Note that these lists will be non-exhaustive and any new tokens can be added to Balancer at any point." "The project [initially] added that it was not in a position to be able to refund the attacker’s victims."

"[S]ome community members called for lawsuits against the firm and its developers hours after the hack came to light." "After thorough discussions with the community, the Balancer Labs team decided that it [would] fully reimburse all the liquidity providers who lost funds in the attack." "Balancer Labs [clarified they made the decision to] reimburse the losses of liquidity providers in the attack [because] the team had already received a specific bug bounty report prior to the hack."

"After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital." "The bug bounty report describes in detail the attack that happened. Our team however did not think it would be a practical attack because of the enormous amounts of funds and also gas we thought would be required for bringing the balance of the deflationary token to near 0 in a single atomic transaction." "We at Balancer Labs are all human beings working a lot and under a lot of stress. Unfortunately we are bound to make mistakes and wrong decisions and thinking the attack was not viable was most definitely one of them. We sincerely apologize to Ankur Agrawal (Hex_Capital) who submitted the report and will award them the maximum amount available in our current bug bounty."

Balancer allows the creation of multi-token pools which rebalance as others use them for trading. The Balancer protocol smart contract hot wallet had a vulnerability to deflationary tokens, which a hacker was able to exploit to steal $523k worth of liquidity.

Initially, the project refused to assist affected users and denied responsibility. However, this decision was reversed after it was determined that a previous bug bounty report had been made (and ignored at the time) about the vulnerability. In the end, Balancer paid out the bug bounty and repaid all affected users.

HOW COULD THIS HAVE BEEN PREVENTED?

Smart contracts are still in their infancy. Even a smart contract with two audits cannot be guaranteed to be safe. The safest storage is offline multi-sig. Funds in hot wallets should be limited to that which can be insured by a treasury, industry insurance fund, or smart contract insurance protocol.

Check Our Framework For Safe Secure Exchange Platforms

Incident with non-standard ERC20 deflationary tokens (Jun 28)
Balancer Hacks: Root Cause and Loss Analysis (Jun 28)
DeFi Protocol Balancer Hacked Through Exploit It Seemingly Knew About (Jun 29)
Balancer Hacks: Root Cause and Loss Analysis (Jun 29)
Hacker Drains $500K From DeFi Liquidity Provider Balancer - CoinDesk (Jun 29)
@StateraProject - Twitter (Jun 29)
@StateraProject - Twitter (Jun 29)
'Sophisticated' Hacker Plunders $450,000 From Defi Protocol Balancer | Altcoins Bitcoin News (Jun 29)
DeFi platform Balancer to reimburse $500k in hack losses; community threatens legal action | CryptoSlate (Jun 30)
CipherTrace Cryptocurrency Crime and Anti-Money Laundering Report 2020 (Jun 20)
SlowMist Hacked - SlowMist Zone (May 18)
List of Ethereum Smart Contracts Post-Mortems - Security - OpenZeppelin Community (Jun 23)
Millions Lost: The Top 19 DeFi Cryptocurrency Hacks of 2020 | Crypto Briefing (May 22)
Blockchain Hacks: 2020 | $15 billion lost, how can we mitigate hacks in 2021? | CertiK Foundation Blog (Jul 23)
Comprehensive List of DeFi Hacks & Exploits - CryptoSec (Jan 8)
Balancer AMM DeFi Protocol (Jan 9)
Welcome - Balancer (Jan 9)
https://medium.com/@ankur_63065/balancer-labs-incident-when-bug-bounties-fail-d783553bbcaf (Jan 9)
@Hex_Capital Twitter (Jan 9)
@defipulse Twitter (Jan 9)
@BalancerLabs Twitter (Jan 9)
@BalancerLabs Twitter (Jan 9)
@BalancerLabs Twitter (Jan 9)
Update 2 Incident With Non Standard Erc20 Deflationary Tokens (Jan 9)
Balancer to compensate victims of $450,000 exploits and reward white hat hacker (Jan 9)
Balancer Pools Get Drained Off $500K Through STA Exploit, Team Reimburses - CryptoTicker (Jan 9)
Balancer hacked twice within 24 hours, though this time is relatively small around $2,300 worth of Compound tokens (COMP) - AZCoin News (Apr 10)

More case studies

Bancor
Self-Hack

Vether V3
Exploited