The Balancer automated market maker protocol has been hacked for over $500,000 in a single Ether (ETH) transaction, facilitated once again by a dYdX flash loan.

As analyzed by the 1inch.exchange team a few hours after the incident, a carefully crafted transaction taking more than 8 million gas, or about two thirds of an Ethereum block, stole over $500,000 in Ether, Wrapped Bitcoin (WBTC), Chainlink (LINK) and Synthetix (SNX) tokens.



Taking advantage of programmed burn


Timestamped at 6 PM UTC on Sunday, the transaction begins with a flash loan from dYdX for 104,000 ETH, or about $23 million.

The exploit relied on Statera (STA), a deflationary token where 1% of every transaction is automatically burned. Balancer’s smart contracts seem to have failed to account for this, and instead assumed that each transaction would deliver the full amount.


The hacker exploited this by exchanging back and forth between Statera and Ether 24 times. At each step, the STA balance available to the contract diminished by 1%, but the smart contract did not account for this. Thus, the price of STA remained stable despite the dwindling supply.


As noted by Balancer’s disclosure, at the end of this procedure the attacker called a function that updated the price based on the effective pool balance. Since the STA side was empty, it was suddenly priced at a huge premium.


The hacker used a “weiSTA,” or one billionth of a token, to swap for other assets on the platform, including ETH, BTC, LINK and SNX. Due to the burn mechanism, the weiSTA was never actually exchanged, which allowed the hacker to perform the transfer multiple times until all STA pools were dried.


They then exchanged the remainder of the STA to Balancer Pool tokens and cashed them out to Ether with Uniswap.
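The accounting gap described above can be reproduced in a small model. The following is an added example, not code from Balancer, Statera or the original article: the class names, the plain deposits used in place of swaps, and the amounts are constructed, with only the 1% burn and the count of 24 rounds taken from the text. It contrasts a pool that credits the nominal amount with one that credits the measured balance change.

```python
BURN_BPS = 100  # 1% of every transfer is burned, as the article describes for STA


class FeeOnTransferToken:
    """Toy deflationary token (hypothetical, for illustration only)."""

    def __init__(self):
        self.balances = {}

    def mint(self, owner, amount):
        self.balances[owner] = self.balances.get(owner, 0) + amount

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        burned = amount * BURN_BPS // 10_000
        self.balances[src] -= amount
        # The receiver gets less than the nominal amount.
        self.balances[dst] = self.balances.get(dst, 0) + amount - burned


class NaivePool:
    """Credits the nominal amount, assuming the transfer arrived in full."""

    def __init__(self, token):
        self.token = token
        self.recorded = 0  # internal bookkeeping used for pricing

    def deposit(self, sender, amount):
        self.token.transfer(sender, self, amount)
        self.recorded += amount


class DeltaPool(NaivePool):
    """Hardened form: credits only what actually arrived."""

    def deposit(self, sender, amount):
        before = self.token.balances.get(self, 0)
        self.token.transfer(sender, self, amount)
        self.recorded += self.token.balances[self] - before


def drift_after(pool_cls, rounds=24, amount=1_000_000):
    """Return recorded balance minus real token balance after `rounds` deposits."""
    token = FeeOnTransferToken()
    pool = pool_cls(token)
    token.mint("lp", rounds * amount)  # constructed sample funds
    for _ in range(rounds):
        pool.deposit("lp", amount)
    return pool.recorded - token.balances[pool]
```

A non-zero result from drift_after is the invariant violation to monitor for: the pool's bookkeeping no longer matches the tokens it actually holds.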


Security practices called into question


The Balancer team is being accused by a security researcher and the STA team of ignoring a bug report submitted almost two months before. Balancer’s CTO, Mike McDonald, confirmed the existence of the report, claiming that the issue outlined in it was essentially unexploitable and blaming flash loans for the incident. It is worth noting that any exploit made possible by a flash loan can also be carried out by hackers with significant funds of their own.


In a subsequently deleted tweet, McDonald appears to have taken responsibility for the bug.



Cointelegraph obtained screenshots from the STA team that further suggest that Balancer was keenly aware of the issue with transfer-fee tokens like Statera just days before the incident.




While Balancer took precautions with the STA pool by not including it in the liquidity mining program, it is unclear why the issue was not fixed at a smart contract level. At the same time, the protocol is permissionless and anyone can add new pools at their own risk. This would be similar to an incident that occurred on Uniswap during the dForce hack, where a pool created against the team’s advice was simultaneously hacked.


The Statera team nevertheless believes the risks were not adequately disclosed, with a representative saying:


“The only warning they have is on their website which suggests that the project is in beta and all funds are at risk.”

While Balancer documentation does mention risks for Statera-like tokens, they only involve “arbitrage opportunities.” The Statera representative said that “[we] wouldn't have gone with Balancer if we knew we were at risk for such an attack.”


Cointelegraph reached out to Balancer to learn more, but did not immediately receive a response.