Security Agency: The Balancer attacker conducted an invariant attack on BPT price calculation or is the main reason for asset theft

The on-chain tracking platform BlockSec Phalcon, under the security agency BlockSec, stated on platform X that "Balancer and several of its fork projects were attacked a few hours ago, resulting in losses of over $120 million across multiple chains. This was an extremely complex attack. Preliminary analysis indicates that the root cause was the attacker's manipulation of the invariant in the BPT price calculation, distorting the BPT price calculation and allowing the attacker to profit from a single batch transaction from a specific stablecoin pool.

Taking the attack transaction on Arbitrum as an example, the batch swap operation can be broken down into three stages: 1. The attacker exchanges BPT for the underlying asset to precisely adjust the balance of one token (cbETH) to be close to the rounding boundary (amount = 9). This creates conditions for precision loss in the next step; 2. The attacker then uses a pre-constructed amount (= 8) to swap between another underlying token (wstETH) and cbETH. Due to the rounding down of token amounts during scaling, the calculated Δx slightly decreases (from 8.0.918 to 8), resulting in an underestimated Δy, which causes the invariant (D) in Curve's StableSwap model to also decrease. Since BPT price = D / total supply, the BPT price is artificially suppressed; 3. The attacker then reverses the exchange of the underlying asset back to BPT, restoring the balance while profiting from the drop in BPT price.