【ChainNews Featured】How was the DeFi project Balancer attacked through liquidity mining?
The decentralized exchange platform Balancer, which has been attracting attention for its "liquidity mining" activities, was attacked the night before. Balancer Labs has released a statement regarding the attack, providing an initial explanation of the reasons behind the attack and the subsequent actions to be taken.
Table of Contents
Note: Balancer officially announced on the 29th that they will fully compensate the losses of liquidity providers.
After thorough discussions with the community, the Balancer Labs team decided that it will fully reimburse all the liquidity providers who lost funds in the attack of yesterday. We will also pay out the highest bug bounty available for @Hex_Capital
More details on the…
— Balancer Labs (@BalancerLabs) June 29, 2020
Written by: Balancer Labs
On the eve of the highly anticipated decentralized exchange platform Balancer launching "liquidity mining," the platform suffered an attack. Two liquidity pools on the platform, STA and STONK, were hit by a flash loan attack, resulting in a loss of $500,000. The liquidity of these two tokens pools has now been depleted. Both STA and STONK tokens are deflationary tokens.
Following the loss, Balancer Labs issued an explanation about the attack, providing initial insights into the cause of the attack and the subsequent actions taken.
Balancer can also be seen as a non-custodial portfolio management service, founded in 2018 as a project under the analysis company BlockScience. Inspired by Uniswap, Balancer identified a unique opportunity to mobilize scattered liquidity and developed a protocol composed of multiple public and private liquidity pools. Balancer is essentially a generalized implementation of Uniswap's automated market maker (AMM) model, and this concept has sparked widespread interest among participants in the open finance ecosystem. The project recently completed a $3 million seed round led by Accomplice and Placeholder, with participants including CoinFund and Inflection.
After the platform went live, Balancer Labs introduced a token mechanism called "liquidity mining," proposing the introduction of the community governance token BAL (Balancer Governance Tokens). In June, they officially began implementing the "liquidity mining" token mechanism, aiming to provide economic incentives to early adopters of the Balancer protocol by injecting their token, BAL, to encourage more liquidity providers to join and participate in community governance. The total supply of BAL is 100 million, with 25 million allocated to founders, core developers, advisors, and investors, all with certain lock-up periods. The remaining 75 million tokens are planned to be distributed to users providing liquidity for Balancer pools, with a weekly distribution totaling 145,000 BAL tokens and a yearly total of 7.5 million BAL tokens — a process known as "liquidity mining."
Below is Balancer Labs' preliminary explanation regarding the attack on the STA and STONK liquidity pools on the Balancer platform:
Today, a severe flash loan attack occurred on Balancer, where the attacker drained funds from two pools containing tokens with transfer fees (sometimes referred to as deflationary tokens or tokens with transfer fees). The tokens in the two pools affected by the attack were STA and STONK (note: this attack only affects pools that charge these tokens as transfer fees).
Analysis of the attack principle is described as follows:
1. Borrow ETH from dYdX through a flash loan and convert it to WETH;
2. Trade WETH and STA continuously;
3. With each trade, STA incurs a transfer fee, while the pool hopes to maintain a balance without charging any fees;
4. After a sufficient number of calls, the attacker calls the gulp function, which synchronizes the internal pool ledger recording token balances to the actual balances stored in the token tracker contract;
5. Since the STA balance is close to zero, its price is very high compared to other token prices, allowing the attacker to exchange assets in the pool with STA at a very low cost.
We were not aware that this specific type of attack was possible, but warnings about tokens with transfer fees were posted in Balancer Protocol's documentation, Discord, and other channels, indicating that ERC-20 tokens with transfer fees could have unexpected impacts on the protocol. This is also why STA was not included in the recent summary of BAL mining whitelist. Our system is designed based on the ERC-20 token standard, and adverse situations may arise when tokens exhibit unexpected behavior. Additionally, Balancer is a permissionless protocol, meaning attackers can add "malicious" or "destructive" tokens at the contract level.
Next steps:
1. We will start adding tokens with transfer fees to the UI blacklist, similar to what we did for "non-bool" transfer tokens previously. It should be noted that our blacklist is not exhaustive, and any new tokens could be added to Balancer at any time;
2. We will add more documentation explaining how the pools operate and how "destructive" tokens or carefully designed "malicious" tokens deplete assets from pools and outline the related risks;
3. Balancer has undergone two full audits and the planning for the third full audit is already underway (before today), with the third full audit expected to start soon. We will continue to review and audit the protocol.
This article is authorized and reprinted by ChainNews (ID: chainnewscom)
Related
- Ignas: Korean projects repeatedly create bullish market miracles, optimistic about Story sparking another trend
- Vitalik reveals annual salary: 182,000 Singapore dollars, Ethereum Foundation's expenditure details fully disclosed
- Solana-based derivative trading platform Drift launches prediction market BET, can holding bets also generate profits?