In a close call that could have resulted in a catastrophic event for the decentralized finance (DeFi) protocol, Balancer has warned that $2.8 million remains at risk following the discovery of a critical vulnerability on August 22.
As per the announcement on August 24, users are urged to “withdraw as soon as possible” if they have linked their wallets to the affected liquidity provider pools (LPs).
The vulnerability affected several pools across eight blockchains, including Ethereum, Polygon, Arbitrum, Avalanche, Gnosis, Fantom, and zkEVM.
Critical vulnerability detected across multiple blockchains
Balancer’s team was tipped off to the vulnerability, which initially put 1.4% of the protocol’s total locked value, worth $11.7 million at the time, at risk. The affected liquidity provider pools (LPs) were quickly locked, and a dedicated user interface was established to allow users to determine if their funds were at risk and to facilitate the withdrawal of affected tokens.
On the day of discovery, Balancer stated that 4% of its $669 million total value locked (TVL) was affected. The developers managed to mitigate 80% of the critical vulnerability, but $5.6 million of funds remained at risk at that time. The affected assets included those on the Balancer mainnet and several other networks.
Swift response lauded by experts, but funds remain at risk
The swift and effective response by Balancer’s team earned praise from developer experts. Crypto researcher Laurence Day called Balancer’s handling of the situation a “perfect example of critical vulnerability disclosure done well.” Marc Zeller, the founder of the Aave-Chan Initiative, also commended Balancer’s “excellent communication.”
Less than a day after Balancer sent the first warning tweet, liquidity providers had withdrawn over $200 million from Balancer pools. The total value locked in the platform dropped from $840 million to $638 million. Despite these efforts, some funds remain at risk in the affected pools.
The incident has led to a broader discussion about the importance of transparency and responsible disclosure in the crypto community, setting an example of how critical vulnerabilities can be addressed without causing panic or providing opportunities for malicious actors.