The $128M Rounding Error: How a Sub-Penny Math Bug Drained DeFi's Oldest AMM Across Nine Chains
Eight wei. That is roughly 0.000000000000000008 of a token — a quantity so small it has no meaningful dollar value. Yet on November 3, 2025, an attacker turned rounding errors at that scale into $128 million in stolen assets, draining Balancer's Composable Stable Pools across nine blockchains in under thirty minutes.
The Balancer V2 exploit is now the largest single-vulnerability, multi-chain DeFi exploit in history. It wiped 52% of Balancer's total value locked overnight, survived more than ten security audits by the industry's top firms, and forced one chain — Berachain — to execute an emergency hard fork just to claw back funds. The vulnerability? A single line of code that rounded in the wrong direction.
How Balancer Pools Work — and Where They Broke
Balancer V2 uses a concept borrowed from Curve's StableSwap model: a mathematical invariant called D that represents the total value locked in a pool. Every time a user swaps tokens, the protocol recalculates D to ensure the pool remains balanced. The price of Balancer Pool Tokens (BPT) — the LP tokens users receive when depositing liquidity — is derived directly from this invariant: BPT price = D / totalSupply.
Before calculating D, the protocol must normalize token balances to a common precision using scaling functions. This is where the fatal flaw lived.
The _upscaleArray function used mulDown (rounding down) when converting raw token balances to scaled values. For normal-sized balances — thousands or millions of tokens — rounding down by a fraction of a wei is irrelevant. But when a token's balance is pushed to the boundary of just 8–9 wei, Solidity's integer division turns that tiny rounding error into a massive relative distortion.
At 8 wei, rounding down by even 1 wei represents a 12.5% precision loss. Feed that distorted balance into the invariant calculation, and D drops. When D drops, BPT price drops. When BPT price drops artificially, an attacker can buy cheap and redeem at full value.
The Attack: 65 Micro-Swaps in a Single Transaction
Check Point Research's blockchain monitoring system flagged the exploit at 07:46 UTC on November 3, 2025. By then, the attacker's smart contract was already executing a devastating sequence.
The attack unfolded in three stages, all packed into a single batchSwap transaction containing 65 swap operations:
Stage 1 — Push to the boundary. The attacker swapped large amounts of BPT for underlying tokens, deliberately draining one token's pool balance down to the critical 8–9 wei threshold. At this balance, every subsequent operation involving that token would trigger maximum precision loss.
Stage 2 — Compound the error. With one token pinned at the rounding boundary, the attacker executed rapid small swaps. Each swap triggered the _upscaleArray function to round down during scaling, causing the invariant D to be systematically underestimated. A single swap's precision loss was negligible. But across 65 operations within the same batchSwap call, the losses compounded dramatically — enough to artificially suppress BPT price well below its true value.
Stage 3 — Buy low, redeem high. The attacker purchased BPT at the suppressed price, then immediately redeemed those tokens for the underlying assets at full value. The difference between the manipulated price and the real price was pure profit.
The entire sequence — from first swap to final drain — took less than thirty minutes. The attacker deployed custom smart contracts with the exploit logic baked into the constructor, meaning the attack executed automatically upon deployment with no further interaction required.
Nine Chains, One Bug
What elevated this from a serious exploit to a historic one was the blast radius. The same vulnerable code ran on every chain where Balancer V2's Composable Stable Pools were deployed:
- Ethereum — the largest pools and heaviest losses
- Arbitrum — significant liquidity drained
- Base — Coinbase's L2 hit
- Optimism — OP Stack pools emptied
- Polygon — long-standing pools targeted
- Avalanche — C-Chain pools compromised
- Gnosis — smaller but still affected
- Berachain — newly launched chain hit hard
- Sonic — the newest deployment, also vulnerable
The attacker didn't need nine different exploits. They needed one — deployed nine times. Balancer's shared codebase, which enabled efficient multi-chain deployment, became the vector for simultaneous multi-chain destruction.
Importantly, other Balancer pool types (Weighted Pools, Managed Pools) and the newer V3 protocol were completely unaffected. The bug was specific to the Composable Stable Pool math.
The TVL Collapse
Before the exploit, Balancer V2 held $442 million in total value locked. Within 24 hours, that number cratered to $214 million — a 52% freefall. As news spread and liquidity providers rushed to withdraw from unaffected pools out of caution, TVL continued sliding to roughly $182 million in the following weeks.
For a protocol that had been a pillar of DeFi since 2020, the drop was devastating. Balancer had weathered the 2022 bear market, the Terra collapse, and the FTX implosion. A rounding error did what macro catastrophes could not.
Recovery: Hard Forks, White Hats, and $33M Clawed Back
The aftermath produced one of the more dramatic recovery efforts in DeFi history.
Berachain's emergency hard fork. The newly launched chain took the most aggressive action: validators coordinated an emergency hard fork that froze the attacker's funds on-chain. A self-identified white-hat operator returned the $12.8 million in stolen Berachain assets, enabling full recovery for affected users on that chain.
StakeWise's direct recovery. The liquid staking protocol executed a contract call through its emergency multisig to recover approximately 5,041 osETH ($19.3 million) and 13,495 osGNO ($1.7 million) — representing 73.5% of its stolen osETH.
Community white-hat efforts. Additional recoveries brought the total clawed back to approximately $33 million, reducing net losses to roughly $95 million.
The remaining funds — primarily on Ethereum and Arbitrum — were converted to ETH by the attacker and remain in identified wallets. Whether they will be recovered through negotiation, legal action, or bug bounty offers remains uncertain.
Ten Audits, Zero Catches
The most uncomfortable truth about the Balancer exploit is this: the code had been audited more than ten times by the industry's most respected security firms, including OpenZeppelin, Trail of Bits, and Certora.
In 2022, Certora formally verified key solvency properties in Balancer V2. But those formal proofs specifically did not cover rounding-direction risks in the scaling functions. The verified properties proved that pools couldn't be drained under normal conditions — but "normal conditions" didn't account for an attacker deliberately pushing a token balance to 8 wei.
Trail of Bits noted after the exploit that rounding issues had been flagged in earlier audits but were not prioritized as high-risk. The reasoning was understandable at the time: individual rounding errors produce negligible losses. No one modeled what happens when 65 of them compound in a single atomic transaction.
This mirrors a pattern the DeFi industry keeps relearning. Audits are scoped reviews — snapshots of specific code at specific moments. They test known attack patterns and verify specific properties. They are not guarantees. When protocols evolve, when new pool types are added, when code is deployed to new chains, the gap between what was audited and what is running in production grows silently.
The "Spec Is Law" Thesis
The Balancer exploit has become a case study for advocates of formal specification — the practice of writing mathematical definitions of how a protocol should behave before writing the code itself.
The argument, championed by firms like a16z and Certora, is straightforward: if Balancer had maintained a formal specification stating "rounding must never cause D to decrease by more than X% per operation" or "the cumulative rounding error across N swaps must remain bounded," the vulnerability would have been caught during verification rather than in production.
The canonical invariant used in most DeFi audits — "rounding must favor the protocol" — proved insufficient. It captures the direction of rounding but not the magnitude of accumulated error across multi-operation flows. A spec-first approach would force protocol designers to define and defend every mathematical invariant their system relies on, including edge cases at extreme balance ranges.
Whether this approach scales to the pace of DeFi development is an open question. Writing and maintaining formal specifications requires significant investment. But as the Balancer exploit demonstrated, the cost of not doing so can be nine figures.
What This Means for DeFi Security
The Balancer exploit crystallizes several trends reshaping how the industry thinks about protocol security:
Shared codebases amplify risk. Multi-chain deployment is efficient, but it means a single vulnerability becomes a multi-chain catastrophe. Protocols deploying across chains need chain-specific monitoring and the ability to pause individual deployments independently.
Precision arithmetic is a first-class security concern. Rounding errors are not minor bookkeeping issues. In protocols managing billions in TVL, sub-penny precision losses can be weaponized. Every scaling, normalization, and conversion function needs explicit rounding-direction analysis.
Batch operations need bounded-loss guarantees. The batchSwap function was designed for gas efficiency — allowing multiple swaps in a single transaction. But it also allowed errors to compound without intermediate validation. Future implementations should include invariant checks between batch operations, not just at the beginning and end.
Continuous security beats point-in-time audits. Trail of Bits's post-mortem emphasized that the industry needs to move from isolated audit engagements to continuous security partnerships — including ongoing fuzzing, formal verification of evolving codebases, and real-time monitoring with automated pause capabilities.
Recovery infrastructure matters. Berachain's ability to hard-fork and freeze funds, and StakeWise's emergency multisig recovery, saved $33 million. Protocols and chains that invest in incident response infrastructure before they need it are better positioned when the inevitable exploit arrives.
The Balancer V3 Question
One silver lining: Certora confirmed that Balancer V3's architecture is not affected by this vulnerability. The V3 redesign addresses the scaling inconsistencies that enabled the exploit, suggesting the Balancer team had already identified precision handling as an area for improvement — even if the specific attack vector wasn't anticipated.
For liquidity providers weighing a return to Balancer, V3 adoption becomes the critical metric. The protocol's long-term viability depends on whether it can migrate remaining V2 liquidity to the safer architecture before confidence erodes further.
The Lesson That Keeps Repeating
DeFi has now lost over $2 billion to flash loan attacks and mathematical exploits since 2020. The Balancer exploit is the starkest illustration yet of a pattern the industry cannot seem to break: tiny arithmetic bugs, invisible to auditors and overlooked for years, become nine-figure disasters when an attacker finds the right sequence of operations to compound them.
Eight wei of rounding error. $128 million stolen. Nine chains compromised. Ten audits bypassed. Thirty minutes from first swap to last drain.
The numbers tell a story that the DeFi industry can no longer afford to ignore: in a system where code is law, every rounding decision is a security decision.
BlockEden.xyz provides enterprise-grade RPC and API infrastructure across multiple blockchain networks, with built-in monitoring designed to detect anomalous on-chain activity. As DeFi protocols grapple with cross-chain security challenges, reliable infrastructure with real-time observability becomes essential. Explore our API marketplace to build on foundations designed for security-first development.