Balancer Blames Rounding Error for $128M Multi-Chain Exploit 🔎 Balancer has identified a rounding error in its swap logic as the cause of the Nov. 3 exploit that drained more than $128M from its Composable Stable Pools across multiple networks, including Ethereum, Base, Arbitrum, Avalanche, and others. > The vulnerability occurred in the upscale function for EXACT_OUT swaps within the v2 vault’s batchSwap feature. > Attackers exploited non-integer scaling factors that caused rounding discrepancies, allowing them to manipulate pool balances and extract funds. > The issue mainly affected Composable Stable v5 pools, while newer v6 pools were automatically paused by Hypernative’s emergency automation. > Several partners, including StakeWise, Berachain, and Sonic Labs, took rapid action to contain the fallout, recovering or freezing a portion of stolen assets. > StakeWise DAO recovered $19M in osETH and $1.7M in osGNO, while Berachain validators implemented an emergency hard fork. Balancer has since disabled its CSPv6 factory, halted liquidity gauges for affected pools, and enabled safe withdrawals. A final verified report with confirmed recovery data will be published after on-chain reconciliation concludes.