As analyzed by the 1inch.exchange team a few hours after the incident, a carefully crafted transaction taking more than 8 million gas, or about two thirds of an Ethereum block, stole over $500,000 in Ether, Wrapped Bitcoin (WBTC), Chainlink (LINK) and Synthetix (SNX) tokens.
Taking advantage of programmed burn
Timestamped at 6 PM UTC on Sunday, the transaction begins with a flash loan from dYdX for 104,000 ETH, or about $23 million.
The exploit relied on Statera (STA), a deflationary token where 1% of every transfer is automatically burned. Balancer’s smart contracts appear not to have accounted for this, instead assuming that each transfer delivered the full amount.
The hacker exploited this by exchanging back and forth between Statera and Ether 24 times. At each step, the STA balance actually held by the contract diminished by 1%, but the contract’s internal accounting did not register the loss. Thus, the price of STA remained stable despite the dwindling supply.
As noted by Balancer’s disclosure, at the end of this procedure the attacker called a function that updated the price based on the effective pool balance. Since the STA side was empty, it was suddenly priced at a huge premium.
The hacker used a “weiSTA,” or one billionth of a token, to swap for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burn mechanism, the weiSTA was never actually exchanged, which allowed the hacker to perform the transfer multiple times until all STA pools were drained.
They then exchanged the remainder of the STA to Balancer Pool tokens and cashed them out to Ether with Uniswap.
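The accounting flaw described above, as an added Python simulation that is not part of the article or of Balancer’s code: a toy constant-product STA/ETH pool that credits whatever a caller claims to have sent drifts away from its real STA balance over repeated round-trips, and a resync (the repricing step the article mentions, here called gulp()) then jumps the STA price, while the same pool crediting only the observed balance delta never drifts. All names, the reserve sizes and the trust_caller switch are constructed assumptions; the numbers are small, so they show the direction of the effect rather than the scale of the incident.

```python
from fractions import Fraction as F

BURN = F(1, 100)  # Statera burns 1% of every transfer, as the article describes

def transfer(bal, src, dst, amount):
    """Constructed toy fee-on-transfer token: the receiver gets 1% less than sent."""
    bal[src] -= amount
    bal[dst] = bal.get(dst, F(0)) + amount * (1 - BURN)

class Pool:
    """Toy constant-product STA/ETH pool. record_sta is the pool's own bookkeeping, bal['pool']
    is what it really holds. trust_caller=True credits the amount claimed; False credits the delta."""
    def __init__(self, bal, sta, eth, trust_caller):
        self.bal, self.eth, self.trust_caller = bal, eth, trust_caller
        self.bal["pool"] = self.record_sta = sta

    def price(self):  # ETH per STA implied by the recorded reserves
        return self.eth / self.record_sta

    def sell_sta(self, trader, amount_in):
        before = self.bal["pool"]
        transfer(self.bal, trader, "pool", amount_in)
        # Flawed accounting trusts amount_in; the hardened form measures what actually arrived.
        credited = amount_in if self.trust_caller else self.bal["pool"] - before
        eth_out = self.eth * credited / (self.record_sta + credited)
        self.record_sta += credited
        self.eth -= eth_out
        return eth_out

    def buy_sta(self, trader, eth_in):
        sta_out = self.record_sta * eth_in / (self.eth + eth_in)
        self.eth += eth_in
        self.record_sta -= sta_out
        transfer(self.bal, "pool", trader, sta_out)
        return sta_out

    def gulp(self):  # re-sync bookkeeping with the real balance (the repricing step)
        self.record_sta = self.bal["pool"]

def simulate(trust_caller, rounds=24):
    """Swap all STA back and forth `rounds` times, then gulp(); report the
    recorded-vs-real STA drift and the STA price before and after the resync."""
    bal = {"trader": F(1000)}  # constructed starting balances
    pool = Pool(bal, sta=F(1000), eth=F(10), trust_caller=trust_caller)
    for _ in range(rounds):
        pool.buy_sta("trader", pool.sell_sta("trader", bal["trader"]))
    drift, before = pool.record_sta - bal["pool"], pool.price()
    pool.gulp()
    return {"drift": drift, "price_before": before, "price_after": pool.price()}
```

With trust_caller=True the recorded STA reserve overstates the real one by 1% of every sale, so gulp() suddenly reprices STA upward; with trust_caller=False the two never diverge and gulp() changes nothing.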
Security practices called into question
The Balancer team is being accused by a security researcher and the STA team of ignoring a bug report submitted almost two months before. Balancer’s CTO, Mike McDonald, confirmed the existence of the report, claiming that the issue outlined in it was essentially unexploitable and blaming flash loans for the incident. It is worth noting that any exploit made possible by a flash loan can equally be carried out by attackers who already hold significant funds.
In a subsequently deleted tweet, McDonald appears to have taken responsibility for the bug.
Cointelegraph obtained screenshots from the STA team that further suggest that Balancer was keenly aware of the issue with transfer-fee tokens like Statera just days before the incident.
While Balancer took precautions with the STA pool by not including it in the liquidity mining program, it is unclear why the issue was not fixed at a smart contract level. At the same time, the protocol is permissionless and anyone can add new pools at their own risk. This would be similar to an incident that occurred on Uniswap during the dForce hack, where a pool created against the team’s advice was simultaneously hacked.
The Statera team nevertheless believes the risks were not adequately disclosed, with a representative saying:
“The only warning they have is on their website which suggests that the project is in beta and all funds are at risk.”
While Balancer documentation does mention risks for Statera-like tokens, they only involve “arbitrage opportunities.” The Statera representative said that “[we] wouldn't have gone with Balancer if we knew we were at risk for such an attack.”
Cointelegraph reached out to Balancer to learn more, but did not immediately receive a response.