Indexed Attack Post-Mortem

How index pools handle new assets

When a token is added to an index pool, we use approximate values with a Uniswap oracle to determine how to price the token within the Balancer pool. This is done to remove any need for the pool to interact with external markets in order to rebalance, and allows tokens to be traded into the AMM before the pool has any balance in them.

[Figure: Extrapolation of pool value]

[Figure: Derivation of virtual balances]

DEFI5 Attack

[Figure: Transaction]

[Figure: Logs]

[Figure: Small sampling of the swaps executed with the pool.]

Moving Forward

The fix for the contract seems pretty straightforward in terms of preventing any future attacks against this mechanism. We will modify the controller smart contracts to remove the approximate value function and replace it with one that takes the combined value of the balances held by a pool in every token it owns. Additionally, the mere fact that it was possible to do both a re-index and a minimum balance update in the same transaction is, in retrospect, unsafe: there should be a minimum wait time of at least a day or two between them. A lot of Ethereum developers we respect have reached out offering help since the attack occurred, and we will seek out as much feedback on the new code as we can before submitting it for governance approval.
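As an added illustration (not Indexed's controller code), here is a small Python model of the two valuation approaches discussed above: the approximate method, which extrapolates the pool's total value from a single token's balance, price and weight, and the replacement described in the fix, which sums the oracle value of every balance the pool holds. The extrapolation formula, the virtual-balance formula and every price, weight and balance below are assumptions constructed for the example. What it shows is that a one-token estimate is only correct while the pool sits at its target weights, and how a controller could measure the gap between the two valuations before relying on either.

```python
"""Pool valuation check: extrapolating from one token vs. summing every balance.

Added illustration, not Indexed's contract code. Assumptions, labelled:
  * the "approximate value" is modelled as the weighted-pool extrapolation
    value = balance_i * price_i / weight_i from a single reference token;
  * the fix is modelled as sum(balance_i * price_i) over every token;
  * all prices, weights and balances are constructed sample numbers.
"""
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class PoolToken:
    symbol: str
    balance: float       # units held by the pool
    weight: float        # normalised target weight; all weights sum to 1
    oracle_price: float  # TWAP price in ETH (constructed)


def extrapolated_pool_value(ref: PoolToken) -> float:
    """Approximate total pool value inferred from ONE token (assumed form).

    Only correct while the pool actually sits at its target weights."""
    return ref.balance * ref.oracle_price / ref.weight


def full_pool_value(tokens: Iterable[PoolToken]) -> float:
    """Total value from the balances of every token the pool holds (the fix)."""
    return sum(t.balance * t.oracle_price for t in tokens)


def virtual_balance(pool_value: float, new_weight: float, new_price: float) -> float:
    """Balance a newly added token would hold at its target weight (assumed form)."""
    return pool_value * new_weight / new_price


def max_extrapolation_error(tokens: List[PoolToken]) -> float:
    """Largest relative gap between any single-token extrapolation and the full sum.

    A controller could refuse to act when this exceeds a tolerance: a large gap
    means the pool is far from its weights, so a one-token estimate is unreliable."""
    actual = full_pool_value(tokens)
    return max(abs(extrapolated_pool_value(t) - actual) / actual for t in tokens)


# Constructed sample pool, exactly at its target weights.
BALANCED = [
    PoolToken("A", balance=100.0, weight=0.5, oracle_price=1.0),
    PoolToken("B", balance=30.0, weight=0.3, oracle_price=2.0),
    PoolToken("C", balance=10.0, weight=0.2, oracle_price=4.0),
]

# The same pool after swaps have drained most of C, so it is far from its weights.
SKEWED = [
    PoolToken("A", balance=100.0, weight=0.5, oracle_price=1.0),
    PoolToken("B", balance=30.0, weight=0.3, oracle_price=2.0),
    PoolToken("C", balance=2.0, weight=0.2, oracle_price=4.0),
]


def compare(tokens: List[PoolToken], new_weight: float = 0.1, new_price: float = 0.5) -> dict:
    """Side-by-side valuations and the virtual balance each would assign to a new token."""
    actual = full_pool_value(tokens)
    out = {"full": actual, "virtual_from_full": virtual_balance(actual, new_weight, new_price)}
    for t in tokens:
        est = extrapolated_pool_value(t)
        out[f"extrapolated_from_{t.symbol}"] = est
        out[f"virtual_from_{t.symbol}"] = virtual_balance(est, new_weight, new_price)
    out["max_error"] = max_extrapolation_error(tokens)
    return out


if __name__ == "__main__":
    for name, pool in (("balanced", BALANCED), ("skewed", SKEWED)):
        print(name)
        for key, value in compare(pool).items():
            print(f"  {key:>22}: {value:.4f}")
```

In the balanced pool every single-token extrapolation agrees with the full sum (200 ETH), so the virtual balance assigned to a new token is the same whichever method is used. In the skewed pool the full sum is 168 ETH, but extrapolating from the drained token C yields only 40 ETH and extrapolating from A or B yields 200 ETH; the virtual balance handed to a new token therefore ranges from 8 to 40 units depending on which token the approximation happens to read, while the summed valuation gives one answer, 33.6 units, that reflects what the pool actually holds. `max_extrapolation_error` is the kind of sanity check a controller can run before any re-index or minimum-balance update.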
