
Balancer

Multi-Chain
Last audited on 2023/09/29
No active critical issues

Last Issues (11)

             Low   Medium   High   Critical   Total
Not fixed      1        2      -          -       3
Fixed          3        2      3          -       8
Total          4        4      3          0      11

Reported rekts

Balancer was reported as rekt on 2023/09/19
Quick Summary

Balancer DEX faced a frontend vulnerability exploit on Sep 20, 2023, resulting in a loss of 238,000 USD.




Details of the Exploit

Balancer, an AMM-based DEX operating on multiple chains, suffered a frontend exploit on September 20, 2023. The attacker moved the
stolen funds across the bridge between Avalanche and Ethereum and spread part of them over several wallets. One of the
attacker-related addresses, 0xF998..., had received 1.04 AVAX from MEXC (the gas funding for the Avalanche side).




Block Data Reference

The attacker's addresses:

- https://cchain.explorer.avax.network/address/0x645710af050e26bb96e295bdfb75b4a878088d7e

- https://cchain.explorer.avax.network/address/0xF99825f51F6D922EBBf1527809e99A4b9F0a29D6




Funds Holders as of Sep 20, 2023:

- https://cchain.explorer.avax.network/address/0x645710af050e26bb96e295bdfb75b4a878088d7e

- https://cchain.explorer.avax.network/address/0x1c14D9cFA074356345f756053462Af408369294f




Bridging Transactions:

- https://cchain.explorer.avax.network/tx/0x3bee94d97c642a019171e5b2ad9ef7ed909a460179376bcf04aa6bd60991597c

- https://cchain.explorer.avax.network/tx/0x129938d782023ff892b7dcf1e28ff4fb48db96d480d8814bc49a588363a57e4c
Balancer was reported as rekt on 2023/08/26
Quick Summary

Balancer V2 liquidity pools were exploited in a flash loan attack, resulting in a loss of 1,898,586 USD worth of stablecoins.




Details of the Exploit

Balancer, an AMM-based DEX running on multiple chains including Ethereum, Optimism, and Fantom, was exploited on August 27, 2023.
The attacker drained Balancer V2 liquidity pools over multiple transactions using a flash loan taken from Aave, with the borrowed
funds used to exploit Balancer's pool contracts. Balancer had warned users of the vulnerability on January 6, 2023, and stated
that mitigation had begun. On August 22, 2023, it disclosed that over 80% of the funds at risk had been mitigated while 4% of
Balancer's TVL was still exposed, and advised users to withdraw from the affected LPs immediately. The stolen funds on all three
affected chains were swapped to DAI and bridged to Ethereum mainnet, then transferred to other EOAs that still held them as of
August 29, 2023. The total loss was 1,898,586 USD worth of stablecoins (USDT, USDC, and DAI): 1,000,377 USD from Ethereum,
221,855 USD from Optimism, and 676,354 USD from Fantom.




Block Data Reference

Attackers:

- https://etherscan.io/address/0xEd187F37E5Ad87d5b3B2624C01dE56C5862b7a9B

- https://optimistic.etherscan.io/address/0xbc794f1ff9ad7711a9d2e69be5b499e290b8fd3c

- https://ftmscan.com/address/0x64e08fa89c2bae9f123cc8a293775f0e6cc86760




Funds Holders as of Aug 28, 2023:

- https://etherscan.io/address/0xb23711b9d92c0f1c7b211c4e2dc69791c2df38c1

- https://etherscan.io/address/0x429313e53a220c4a5693cad1da26ae5045b5762f

- https://etherscan.io/address/0xbc794f1ff9ad7711a9d2e69be5b499e290b8fd3c




Malicious Transactions:

- https://etherscan.io/tx/0x2a027c8b915c3737942f512fc5d26fd15752d0332353b3059de771a35a606c2d

- https://etherscan.io/tx/0x773fa597c4b58f86ee91b2c57d0d4b12014a60b939a6eb186d50ec45300bfa4a

- https://etherscan.io/tx/0x42441d8ed0034e337dad0365a64dd19a57639801dcbf4939863f47bf6c80daa4

- https://etherscan.io/tx/0x72a655cedf8dca4551db987a8196d5063a768be48cfba64553f0b6087e64686e

- https://etherscan.io/tx/0x85d7aec3f12191f0c0ae5fe8e4442915ac9fc24da96901b9e531af7082b3c2df




Malicious Contracts:

- https://etherscan.io/address/0x2100dCd8758aB8B89b9b545A43A1E47e8e2944f0

- https://etherscan.io/address/0x48567fb8c39e2b9599455b34c4c93e5586af103b

- https://etherscan.io/address/0x7bceff0a1d2619b7f15563c061d45c9bc5b3ccca

- https://etherscan.io/address/0x254c36e9AC87421704E12F5d3092d740E9A1eE14

- https://etherscan.io/address/0x561b6b0d0f0f8d78b428b0b63a93264d82647a1d




Funds Transfer Transactions:

- https://etherscan.io/tx/0x549e2865777e46879e4cea1a775059e603eef5c23ad03ee8c131973868ce616a

- https://etherscan.io/tx/0xa2b6caf23558c667ee75cda31ebb6ae53d8b01ea4fb0e5f9a101f2978b495c44

- https://etherscan.io/tx/0x3e4bcdc36473a8d685db126ac00b17c3d2944168ecb249c45fb9fc96b758f1c4
Balancer was reported as rekt on 2020/06/27
The transaction behind the attack:
https://etherscan.io/tx/0x013be97768b702fe8eccef1a40544d5ecb3c1961ad5f87fee4d16fdc08c78106

The attacker's address:
https://etherscan.io/address/0xbf675c80540111a310b06e1482f9127ef4e7469a

The attacker:
- borrowed a flash loan (104,331 WETH) from dYdX

- performed multiple swapExactAmountIn() calls within the same transaction to drain the STA balance of the attacked Balancer pool.
swapExactAmountIn() caps the input amount at inRecord.balance * MAX_IN_RATIO; the attacker computed that limit and repeatedly
swapped the maximum allowed amount of WETH for STA, deliberately leaving exactly 1e-18 STA (1 wei) in the pool

- then sent 1e-18 STA into the BPool via swapExactAmountIn() and took out 30,347 WETH in the first run. For internal
book-keeping, _records[STA] is increased by tokenAmountIn (i.e., 1 wei) before the BPool contract actually collects the
corresponding STA tokens from msg.sender

- _pullUnderlying() then collected the STA tokens. STA is a deflationary token that charges a 1% fee on every transfer; after the
fee cut on a 1 wei transfer, the Balancer pool actually received zero STA. The pool's real STA balance therefore no longer matched
its internal record (_records[STA])

- called gulp(), which resets _records[STA] to the pool's actual token balance, so the pool is back in the state of holding only
1e-18 STA and the step can be repeated

- repaid the flash loan to dYdX.
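The accounting flaw behind those steps, modelled as an added Python example (this is not Balancer's code and not the attacker's): a two-token, equal-weight pool that keeps Balancer-style internal records, a fee-on-transfer token standing in for STA, and the pool state the writeup describes after the first phase (1 wei STA left). The 1000 WETH balance, the "attacker"/"pool" holder names, the STA supply minted to the attacker, and the rule that the transfer fee rounds up (so a 1 wei transfer delivers nothing, matching the writeup's "got zero STA") are assumptions. The swap math is calcOutGivenIn reduced to equal weights and zero swap fee. The vulnerable pool is run beside a hardened variant that prices the swap on the measured balance delta instead of on tokenAmountIn.

```python
# Added example, not Balancer's code. Models the BPool record/balance mismatch
# described in the 2020/06/27 writeup; all names and amounts are assumptions.
WAD = 10**18
MAX_IN_RATIO = WAD // 2      # BPool: tokenAmountIn <= bmul(balance, MAX_IN_RATIO)

def bmul(a, b):
    """BNum.bmul: fixed-point multiply, rounds half up."""
    return (a * b + WAD // 2) // WAD

def bdiv(a, b):
    """BNum.bdiv: fixed-point divide, rounds half up."""
    return (a * WAD + b // 2) // b

def calc_out_given_in(bi, bo, ai):
    """calcOutGivenIn with equal weights and zero swap fee: bo * (1 - bi/(bi+ai))."""
    return bmul(bo, WAD - bdiv(bi, bi + ai))

class Token:
    """ERC-20 stand-in. fee_bps > 0 models a deflationary token like STA; the fee
    is rounded up (assumption), so a 1 wei transfer delivers 0 to the recipient."""
    def __init__(self, name, fee_bps=0):
        self.name, self.fee_bps, self.balances = name, fee_bps, {}
    def balance_of(self, who):
        return self.balances.get(who, 0)
    def mint(self, who, amount):
        self.balances[who] = self.balance_of(who) + amount
    def transfer(self, src, dst, amount):
        assert self.balance_of(src) >= amount, "insufficient balance"
        fee = -(-amount * self.fee_bps // 10_000)            # ceil division
        self.balances[src] -= amount
        self.balances[dst] = self.balance_of(dst) + amount - fee

class BPool:
    """Two-token, equal-weight pool with Balancer-style _records."""
    def __init__(self, holdings):
        self.records = {}
        for tok, amount in holdings:
            tok.mint("pool", amount)
            self.records[tok.name] = amount              # _records[token].balance
    def gulp(self, tok):
        """BPool.gulp(): resync the record with the real ERC-20 balance."""
        self.records[tok.name] = tok.balance_of("pool")
    def swap_exact_amount_in(self, trader, tin, amount_in, tout):
        bi, bo = self.records[tin.name], self.records[tout.name]
        assert amount_in <= bmul(bi, MAX_IN_RATIO), "ERR_MAX_IN_RATIO"
        amount_out = calc_out_given_in(bi, bo, amount_in)
        # Vulnerable: the record is credited with amount_in, not with what arrives.
        self.records[tin.name] = bi + amount_in
        self.records[tout.name] = bo - amount_out
        tin.transfer(trader, "pool", amount_in)          # _pullUnderlying
        tout.transfer("pool", trader, amount_out)        # _pushUnderlying
        return amount_out

class HardenedPool(BPool):
    """Fix: pull first, then price the swap on the measured balance delta."""
    def swap_exact_amount_in(self, trader, tin, amount_in, tout):
        before = tin.balance_of("pool")
        tin.transfer(trader, "pool", amount_in)
        received = tin.balance_of("pool") - before
        assert received > 0, "ERR_NOTHING_RECEIVED"
        bi, bo = self.records[tin.name], self.records[tout.name]
        assert received <= bmul(bi, MAX_IN_RATIO), "ERR_MAX_IN_RATIO"
        amount_out = calc_out_given_in(bi, bo, received)
        self.records[tin.name] = bi + received
        self.records[tout.name] = bo - amount_out
        tout.transfer("pool", trader, amount_out)
        return amount_out

def make_pool(cls, weth_wei=1000 * WAD):
    """Assumed state after the writeup's first phase: 1 wei STA left, WETH intact."""
    sta, weth = Token("STA", fee_bps=100), Token("WETH")
    sta.mint("attacker", 10**6)                          # attacker's STA (assumed)
    return cls([(sta, 1), (weth, weth_wei)]), sta, weth

def drain(pool, sta, weth, rounds):
    """Second phase: 1 wei STA in (burned entirely by the fee), a slice of WETH
    out, then gulp() so the record drops back to 1 wei. Returns total WETH taken
    and the (record, real balance) pair observed after the first swap."""
    total, mismatch = 0, None
    for _ in range(rounds):
        total += pool.swap_exact_amount_in("attacker", sta, 1, weth)
        if mismatch is None:
            mismatch = (pool.records["STA"], sta.balance_of("pool"))  # (2, 1)
        pool.gulp(sta)
    return total, mismatch

def demo(rounds=10):
    vuln, sta, weth = make_pool(BPool)
    drained, mismatch = drain(vuln, sta, weth, rounds)
    hard, sta2, weth2 = make_pool(HardenedPool)
    try:
        drain(hard, sta2, weth2, 1)
        blocked = None
    except AssertionError as e:
        blocked = str(e)
    return {"vulnerable_weth_drained": drained, "mismatch": mismatch,
            "hardened_error": blocked}

if __name__ == "__main__":
    print(demo())   # 10 rounds take 1000 * (1 - 2**-10) WETH from the vulnerable pool
```

Each round against the vulnerable pool takes half of the remaining WETH because the record says 1 wei STA is in the pool and 1 wei comes in, while the real STA balance never grows; the hardened variant refuses the swap because the measured delta is zero. Note that the in-ratio check passes for the 1 wei swap only because bmul rounds half up, which is why the limit on tokenAmountIn does not stop the attack.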

Audits (4)

#  Name                             Auditor       Date        Chains               Issues
1  Origin Balancer MetaPool St...   OpenZeppelin  2023/09/29  Off-Chain (Private)  No active critical issues
2  Balancer Contracts Audit         OpenZeppelin  2020/08/09  Off-Chain (Private)  No active critical issues
3  Balancer Contracts Audit         OpenZeppelin  2020/08/09  Off-Chain (Private)  No active critical issues
4  Balancer Finance                 Consensys     2020/04/30  Off-Chain (Private)  No active critical issues