On November 3, 2025, the Balancer V2 exploit resulted in over $120 million in losses. This incident exposes systemic gaps in how smart contract security is approached.
On November 3, 2025, the Balancer V2 exploit resulted in over $120 million in losses. OpenZeppelin has since published a detailed post-mortem analyzing the vulnerability and attack vector.
This incident, like other major exploits, exposes systemic gaps in how smart contract security is approached: the limitations of point-in-time audits, the challenges of detecting complex vulnerability patterns, and the difficulty of maintaining security as protocols evolve.
OpenZeppelin's analysis revealed a detail that should concern every protocol team:
Ten days between the final security audit and the introduction of a $120 million vulnerability. The code that enabled the exploit (ComposableStablePool with its overridden _scalingFactors function) was never reviewed by OpenZeppelin or any other auditor.
The original Balancer StablePool implementation contained a prescient warning in the _upscale function:
"Upscale rounding wouldn't necessarily always go in the same direction... as the impact of this rounding is expected to be minimal (and there's no rounding error unless _scalingFactor() is overridden)."
The developers understood the risk. They documented it clearly. When ComposableStablePool was introduced on September 20, 2021, it overrode _scalingFactors to include exchange rates, violating the documented assumption.
When an attacker manipulated pool liquidity to extremely low levels and used carefully chosen amounts, the rounding behaviour became catastrophic:
amount: 17
scalingFactor: 1058132408689971699 (representing a ~5.8% exchange rate)
Expected result: 17.98
Actual result: 17 (truncated by Solidity's integer arithmetic)
The entire 5.8% exchange rate adjustment vanished due to truncation. By repeating this pattern hundreds of times through Balancer's batchSwap mechanism, the attacker drained the pools.
This vulnerability reveals four critical weaknesses in the traditional audit model:
Audits are snapshots frozen in time. Code changes after an audit receive no scrutiny until the next scheduled audit. Balancer's ten-day gap was enough for a critical vulnerability to slip through.
Balancer engaged four different audit firms, each reviewing different scopes. The interaction between audited code (_upscale) and new code (_scalingFactors override) created a vulnerability at the boundaries.
The original code comment explicitly warned against overriding _scalingFactors. This crucial institutional knowledge lived in documentation, not in enforceable systems.
Modern DeFi protocols iterate rapidly. Between July and September 2021, Balancer introduced three major pool types in three months. All introduced the vulnerable pattern. None were in audit scope.
We ran SafeStackAI's multi-agent vulnerability detection system against the ComposableStablePool code. Here's what it identified:
Our system correctly identified all five critical components:
mulDownbatchSwap as the attack amplification vector
The Balancer exploit wasn't a single bug. It was an interaction between multiple components. Traditional pattern-matching tools look for known vulnerability patterns in isolation. SafeStackAI analyzes how functions interact across contracts and under what conditions those interactions become exploitable.
Catching this vulnerability required understanding fixed-point arithmetic truncation, how exchange rates amplify rounding errors, and how iteration compounds small errors into large profits. This isn't pattern matching. This is semantic understanding of economic invariants.
We can move from periodic security validation to continuous security assurance. SafeStackAI is built on a simple premise: security should evolve with your code, not lag behind it.
SafeStackAI is currently in closed beta. If you're interested in bringing continuous security to your protocol, reach out to contact@safestackai.com to request access.
Get continuous security analysis with AI-powered vulnerability detection
Get Started