
Editor's Note: This article comes from Chain News ChainNews (ID: chainnewscom), by Balancer Labs, published with permission.
The high-profile decentralized trading platform Balancer, which is currently running a "liquidity mining" program, was attacked last night. Two of its liquidity pools, STA and STONK, were drained through flash loan attacks, losing about 500,000 US dollars; the liquidity of both pools was exhausted. STA and STONK are both deflationary tokens. After the loss, Balancer Labs issued a statement giving a preliminary explanation of the cause of the attack and of how it intends to respond.

Balancer, which can also be viewed as a non-custodial portfolio management service, was founded in 2018 as a project of the analytics firm BlockScience. Inspired by Uniswap, Balancer identified an opportunity to mobilize fragmented liquidity and developed a protocol consisting of multiple public and private liquidity pools. Balancer is essentially a generalized implementation of Uniswap's automated market maker (AMM) model, and the concept has attracted wide interest among participants in the open finance ecosystem. The project recently closed a 3 million US dollar seed round led by Accomplice and Placeholder, with participation from CoinFund and Inflection.

After the protocol went live, Balancer Labs launched the "liquidity mining" token mechanism: it introduced a proposal for the community governance token BAL (Balancer Governance Token) and formally put liquidity mining into effect in June, using distributions of BAL as an economic incentive for early adopters of the Balancer protocol, so that more liquidity providers join and take part in community governance. The total supply of BAL is 100 million. 25 million are allocated to founders, core developers, advisors and investors, subject to an unlock period; the remaining 75 million are reserved for users who provide liquidity to Balancer pools and are distributed at 145,000 BAL per week, or 7.5 million BAL per year, a process known as "liquidity mining".
The following is the preliminary statement issued by Balancer Labs about the attack on the STA and STONK liquidity pools on the Balancer platform:
In a severe flash loan attack on Balancer today, the attacker drained funds from two liquidity pools containing tokens with transfer fees (sometimes called deflationary tokens). The tokens in the two affected pools are STA and STONK (note: this attack only affects pools holding tokens that charge a transfer fee).
The attack worked as follows:
1. Borrow ETH from dYdX via a flash loan and convert it to WETH;
2. Repeatedly swap WETH for STA and back;
3. On every swap STA deducts a transfer fee, while the pool expects to receive the full amount with no fee deducted;
4. After enough of these calls, the attacker calls the gulp() function, which synchronizes the pool's internal ledger of token balances with the actual balance recorded in the token contract;
5. Because the pool's STA balance is now close to zero, the price of STA relative to the other tokens is extremely high, and the attacker can use STA to buy the other assets in the pool at very low cost.
We were not aware that this particular type of attack was possible, but warnings had been posted in the Balancer protocol documentation, Discord and other channels that ERC-20 tokens with transfer fees could affect the protocol in unexpected ways. This is also precisely why STA was not included in the most recent BAL mining whitelist. Our system is designed around the ERC-20 token standard, and when tokens exhibit unexpected behavior, bad things can happen. At the same time, Balancer is a permissionless protocol, which means that an attacker can add "malicious" or "destructive" tokens at the contract level.
Next steps:
1. We will start adding tokens with transfer fees to the UI blacklist, as we did previously for "no bool" transfer tokens. Note that our blacklist is not exhaustive, and new tokens may be added at any time;