How a Developer Comment Aged Into a $128M Catastrophe: The Balancer Rounding Exploit
Buried in Balancer's smart contract code, right above the function that would eventually hemorrhage $128 million, sat a developer comment: "the impact of this rounding is expected to be minimal." They were wrong — by nine figures.
On November 3, 2025, an attacker exploited a microscopic rounding error in Balancer V2's Composable Stable Pools, draining funds across nine blockchain networks in under 30 minutes. It was not a flashy reentrancy attack or a compromised private key. It was arithmetic — the kind of bug that hides in plain sight, passes multiple audits, and waits patiently for someone clever enough to weaponize it.
The Anatomy of a Rounding Exploit
The Vulnerable Function
Balancer V2's batchSwap feature allows users to execute multiple token swaps in a single transaction. Under the hood, an internal function called _upscaleArray normalizes token balances to a common precision before calculations. This function uses scaling factors — multipliers that account for each token's decimal places and internal rate.
The problem? When scaling factors are non-integer values (which happens whenever token rates are incorporated), Solidity's integer arithmetic rounds down. In most scenarios, the precision loss amounts to a few wei — fractions of a cent. But Composable Stable Pools, which hold tightly correlated assets like liquid staking derivatives, amplify even tiny rounding errors through their StableSwap invariant calculation.
The Three-Stage Attack
The attacker's strategy was elegant in its simplicity:
-
Push to the boundary. Swap large amounts of BPT (Balancer Pool Tokens) for underlying tokens, driving one token's internal balance down to the critical 8–9 wei range — the exact threshold where Solidity's integer division produces maximum precision loss.
-
Compound the error. Execute rapid micro-swaps involving the boundary-positioned token. Each swap triggers
_upscaleArray, which rounds down during EXACT_OUT operations. The rounding causes the pool's invariantDto be systematically underestimated, artificially suppressing the BPT price. -
Extract the difference. Mint or purchase BPT at the suppressed price, then immediately redeem it for underlying assets at full value. Repeat.
The attacker deployed smart contracts whose constructors executed 65+ micro-swaps, compounding precision loss into catastrophic invariant manipulation. Each individual rounding error was negligible. Together, they bled the pools dry.
$128 Million Across Nine Chains in 30 Minutes
The exploit struck simultaneously across Ethereum, Base, Arbitrum, Avalanche, Optimism, Gnosis, Polygon, Berachain, and Sonic. Ethereum bore the heaviest losses at approximately $99 million, while smaller chains lost between $1–12 million each.
Hypernative's automated monitoring system detected the attack within minutes, but by then the damage was cascading across networks. The multi-chain nature of the exploit — identical vulnerable code deployed on every network — turned what could have been a single-chain incident into a DeFi-wide crisis.
Chain-Level Emergency Responses
The responses varied dramatically by network, revealing the spectrum of decentralization philosophies:
-
Berachain halted its entire network and executed an emergency hard fork, rolling back the exploit to recover $12.8 million in user deposits. The decision was controversial — the chain was barely months old and had to choose between user protection and immutability.
-
Gnosis Chain took a more measured approach initially, restricting bridge activity to prevent cross-chain fund movement. Monerium froze 1.3 million EURe in the affected vault. Then, on December 22, Gnosis executed a hard fork to recover $9.4 million — rewriting chain state to forcibly move funds from the attacker's wallet to a DAO-controlled recovery address.
-
StakeWise DAO leveraged Balancer's Safe Harbor framework (BIP-726, established in 2024) to legally authorize whitehat recovery operations, retrieving approximately $19 million in osETH and $1.7 million in osGNO.
In total, roughly $43 million was recovered or frozen — about one-third of the total losses.
The Audit Paradox
Perhaps the most unsettling aspect of the Balancer exploit is that it passed multiple professional security audits.
Trail of Bits audited Balancer V2 code and actually identified rounding-related concerns. In their 2021 review of Linear Pools, they flagged rounding behavior but could not definitively determine if it was exploitable. They recommended comprehensive fuzz testing to verify that "rounding directions of all arithmetic operations matched expectations."
When Trail of Bits later reviewed Composable Stable Pools in September 2022, the Stable Math library — the exact code containing the vulnerability — was explicitly out of scope.
The industry's threat landscape had shifted. In 2021, rounding and arithmetic issues were not considered a significant risk category. By 2025, rounding errors had become the second most exploited vulnerability in DeFi, trailing only stolen private keys. The audit standards hadn't kept pace.
Certora, which performed formal verification on Balancer V3, later acknowledged that their V2 verification properties "did not constrain the relationship between individual swaps or rounding behavior." The properties guaranteed solvency at a high level but missed scenarios where iterative operations could systematically accumulate value through rounding bias.
A Pattern, Not an Anomaly
The Balancer exploit did not emerge from a vacuum. Rounding precision attacks have a growing history in DeFi:
-
Hundred Finance (2023): Attackers manipulated the exchange rate in the hWBTC contract by donating WBTC, exploiting a rounding error in the
redeemUnderlyingfunction to withdraw disproportionate amounts. -
Raft Finance (2023): A flash loan attack exploited precision loss in the stablecoin protocol, draining $3.6 million.
-
Compound V2 forks (ongoing): Empty or near-empty lending pools remain vulnerable because low
totalSupplyvalues allow attackers to inflate exchange rates through donation attacks, exploiting integer division rounding. -
Balancer's own 2023 incident: A smaller $2.1 million rounding exploit targeted similar arithmetic assumptions — a warning shot that foreshadowed the catastrophic November 2025 breach.
The root cause is always the same: Solidity has no native floating-point support. Every division operation truncates, every multiplication can overflow, and every normalization step introduces potential error. When these errors compound across iterative operations — especially in AMM invariant calculations — the results can be devastating.
Why Audits Keep Missing Rounding Bugs
Traditional smart contract audits focus on logic flaws, access control, reentrancy, and oracle manipulation. Rounding errors require a fundamentally different approach:
They are mathematically subtle. A single rounding operation losing 1 wei is not a bug. The vulnerability only emerges when an attacker can iterate that operation thousands of times in a single transaction, compounding negligible errors into material value extraction.
They are context-dependent. The same rounding behavior can be harmless in one pool configuration and exploitable in another. Trail of Bits could not confirm the Linear Pools issue because the specific conditions for exploitation were not present in that pool type.
They evade static analysis. Automated tools check for known vulnerability patterns. Rounding exploitation requires understanding the mathematical relationship between iterative operations and pool invariants — something that demands deep domain expertise and property-based testing.
Formal verification helps — but only with the right properties. Certora's V3 verification included a critical property that V2 lacked: swappingBackAndForth, which verifies that swapping tokens from A to B and back does not result in a net gain. This single rule would have caught the Balancer V2 exploit. The lesson: verification is only as strong as the properties it checks.
What Changed After the Exploit
Balancer V3's Security Overhaul
Balancer V3, which was unaffected by the exploit, underwent an extensive reassessment in collaboration with Certora. The V3 architecture eliminates the specific rounding vulnerability through:
- Redesigned scaling logic that handles non-integer factors without precision loss
- Formal verification with properties specifically targeting roundtrip swap invariants
- Explicit rounding direction enforcement across all arithmetic operations
Industry-Wide Impact
The exploit accelerated several trends in DeFi security:
-
Runtime enforcement gained traction as a complement to audits. A16z crypto published research on using runtime checks to detect numerical anomalies during transaction execution — catching exploits in real time rather than relying solely on pre-deployment analysis.
-
Rounding-aware testing became a standard audit requirement. Leading firms now include property-based fuzzing specifically targeting iterative rounding accumulation.
-
Safe Harbor frameworks like Balancer's BIP-726 proved their value, providing legal cover for whitehat responders to recover funds quickly without fear of prosecution.
The Deeper Lesson
The Balancer exploit exposed an uncomfortable truth about DeFi security: the most dangerous bugs are not the dramatic ones. Reentrancy attacks are well-understood. Flash loan manipulations have established defenses. But a developer writing // the impact of this rounding is expected to be minimal and moving on — that is the vulnerability that slips through every layer of defense.
As DeFi protocols manage over $100 billion in total value locked, the margin for "expected to be minimal" is zero. A rounding error that loses 1 wei per operation becomes a $128 million exploit when an attacker can execute 65 operations in a single constructor call.
The Balancer incident is a case study in the gap between what we think is negligible and what an adversary can compound into catastrophe. In DeFi, there is no such thing as a harmless rounding error.
BlockEden.xyz builds enterprise-grade blockchain API infrastructure with security-first architecture. As DeFi protocols learn from incidents like the Balancer exploit, robust node infrastructure becomes the foundation for safer on-chain interactions. Explore our API marketplace to build on infrastructure designed for reliability.