Balancer, a decentralized finance (DeFi) protocol operating on the Ethereum blockchain, has recently disclosed a critical vulnerability impacting several of their V2 Pools.
While emergency measures have been implemented successfully to safeguard a significant portion of Total Value Locked (TVL), a portion of funds remains at risk.
As a precautionary measure, Balancer Labs advises users to withdraw their affected Liquidity Provider (LP) funds without delay. It is important to note that, at present, no funds have been lost, and the vulnerability has not been exploited.
Balancer Discovers Critical Vulnerability
According to the announcement, Balancer Labs promptly executed emergency mitigation procedures upon receiving the critical vulnerability report, successfully protecting over 80% of the affected pools. However, approximately 4% of Balancer’s TVL is still exposed to risk.
Balancer has received a critical vulnerability report affecting several V2 Pools.
Emergency mitigation procedures have been executed to secure a majority of TVL, but some funds remain at risk.
— Balancer (@Balancer) August 22, 2023
To address this, the Emergency SubDAO 60 swiftly enacted measures to facilitate proportional exits from all impacted pools and implemented a pause on pools that remain within the designated pause window.
While the funds within the mitigated pools (designated as “mitigated”) are believed to be secure, Balancer Labs advises liquidity providers’ users to migrate their holdings to safe pools or initiate immediate withdrawals.
Pools that could not be fully mitigated are labeled as “at risk,” and LPs who are currently part of these affected pools are urged to exit promptly to ensure the safety of their funds.
Furthermore, Balancer Labs has provided a personalized page on their user interface (UI) to assist users in identifying if their connected wallet is associated with any impacted pools. A streamlined withdrawal process has also been established to guide users through the necessary steps.
Ultimately, Balancer Labs plans to publish a comprehensive post-mortem report, detailing the nature of the vulnerability and the steps taken to address it effectively, aiming to provide users with a clear understanding of the incident and the subsequent mitigation efforts.
Following the vulnerability disclosure, Balancer’s native token, bearing the ticker symbol BAL, has experienced a decline of 2.6% in the past few hours. Presently, the token is trading at a value of $3.475.
Featured image from iStock, chart from TradingView.com