link.png

ID:

balancer-labs-1107

Date:

Status:

Incident Count:

May 14, 2022

Near-Miss

3

info.png
target.png
REKT

Contributor:

chain.png

web3rekt.com

KYC By:

KYC:

None

info.png

Audit By:

Audits:

OpenZeppelin

Loss Amount:

-

info.png

Recovered:

-

Rewards:

50,000

Currency:

USD

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Balancer Labs

Network

Assets

Near-Miss

Extended Method:

Vulnerable to the usage of flash loans to create DoS

info.png

Days in Operation:

5488

(15.04 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

ChainSecurity employee @k_besic reported a vulnerability classified as “Medium” in Balancer protocol. The vulnerability consisted of a potentially exploitable Denial of Service (DoS) scenario by emptying double entry-point ERC-20 tokens through Balancer’s flash loans. Balancer paid k_besic $50,000 USDC for his excellent find.

Balancer introduced a protocol for configurable liquidity on the Ethereum blockchain and other EVM-compatible systems. With Balancer, users are able to create liquidity pools with up to eight different ERC-20 tokens, in any ratio. These pools can be thought of as automatically rebalancing portfolios, providing traders with what can be called a decentralized index fund.

Balancer’s core smart contract is called “The Vault’’, and it controls and holds all tokens in each of the Balancer pools. The Vault’s architecture separates the token accounting and management from the pool logic, simplifying the pools’ contracts. In this architecture, Balancer’s Protocol Swap Fees are the percentage of swap fees collected by pools defined on a contract named ProtocolFeesCollector.sol. These fees include flash loan fees, and they are adjusted through governance by the Balancer’s DAO.

In the vulnerability reported in this submission, the whitehacker showed that issuing a flashloan using the Vault contract’s balance could be used to move tokens from the Vault into the ProtocolFeesCollector (as if they were regular protocol fees), leading to a DoS scenario as the Vault suddenly lacks tokens to transfer during swaps.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.