‘Critical vulnerability’ reported in Balancer v2 pools

The vulnerability has been mitigated in around 80% of the affected v2 pools

August 22, 2023 01:30 pm

Tang Yan Song/Shutterstock modified by Blockworks

Liquidity protocol Balancer has discovered and disclosed a “critical vulnerability” affecting more than 100 of its v2 pools across eight blockchains.

Balancer said the issue has been mitigated in around 80% of the impacted pools. The remaining 20% of affected pools represent roughly 4% of Balancer’s total value locked (TVL).

Newsletter

Subscribe to Blockworks Daily

The Balancer team posted a list of affected pools on its GitHub page and its emergency subDAO has been activated, enabling users to exit from affected pools.

“We believe funds in the mitigated pools (labeled ‘mitigated’) are safe, but nevertheless strongly recommend timely migration to safe pools, or withdrawal,” Jeff Bennett, a software engineer at Balancer Labs, wrote in a post.

Bennett urged all liquidity providers to exit their positions in affected pools immediately.

“Pools that could not be mitigated are labeled ‘at risk.’ If you are [a liquidity provider] in any of these pools, please exit immediately,” he wrote.

The situation had an immediate market impact. The price of Balancer’s native token BAL dipped by over 4% on the news of the vulnerabilities. BAL’s price has since recovered, trading at $3.47 at the time of writing.

Blockworks Research analyst Spencer Hughes noted that the Balancer vulnerability shows that smart contract audits cannot guarantee total safety, and that it is important to note that they never claimed to be.

“With ~$830M TVL, a Balancer exploit would have left one of the most prominent DEXs for dead,” Hughes said. “Emergency SubDAOs are definitely very important for all DeFi protocols, and it is great that they were able to act before anything malicious could occur.”

Get the news in your inbox. Explore Blockworks newsletters:

Blockworks Daily: Unpacking crypto and the markets.
Empire: Crypto news and analysis to start your day.
Forward Guidance: The intersection of crypto, macro and policy.
0xResearch: Alpha directly in your inbox.
Lightspeed: All things Solana.
The Drop: Apps, games, memes and more.
Supply Shock: Bitcoin, bitcoin, bitcoin.

Tags

Newsletter

Blockworks Daily

Upcoming Events

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy tickets learn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy tickets learn more

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

learn more

recent research

Research

Ethena: Evolving into an Institutional DeFi Chain

Ethena Labs is leaping from its flagship synthetic dollar, USDe, to a full product suite—USDtb, iUSDe, and the Arbitrum-based Converge Chain—designed to marry crypto-native yields with TradFi-grade compliance. Our analysis shows how expanding into CME, ETF options, and tokenized Treasuries could lift protocol revenue from sub-$500 million in a bear case to several billion dollars if favorable regulation and institutional adoption align.

by Daniel Shapiro