As the early 2020s rolled in, DeFi had made its mark with numerous crypto enthusiasts: innovation was accelerating, and Balancer was a perfect example of what the industry could provide. It surfaced in March 2020, a time when Uniswap was the top dog in the automated market maker (AMM) decentralized exchange (DEX) scene. That didn’t stop Balancer; it set out to do what its predecessors hadn’t.
The protocol reimagined liquidity rather than copying what other AMMs were doing. Balancer was essentially the intersection of an index fund and an exchange. It offered previously unseen features, such as pools with more than two assets, customizable weights for every token, and highly dynamic parameters. Simply put, Balancer was flexible, powerful, and composable with other DeFi implementations.
This protocol was every builder’s and yield farmer’s dream when it launched. Balancer exuded what open finance in the blockchain realm should look like with its powerful offerings, including smart pools, boosted integrations, and a community-driven roadmap. The ecosystem was hooked; the project boasted a total value locked (TVL) of $3.5 billion in 2021 and partnered with top DeFi protocols like Yearn, Aave, and more.
Nevertheless, we wouldn’t be here if an implementation of this kind didn’t have a sinister side. Complexity breeds fragility, and under the hood of Balancer’s sophisticated mathematics and contracts lurked massive issues. Attackers wreaked havoc on the platform, and the value it held declined drastically between 2021 and 2023. The problem was that these incidents were preventable. Failures of foresight, governance, and security culture led to repeated exploits, which, at the end of the day, were nothing but betrayals.
The Rise: What Was Promised?
When Balancer launched, it addressed a major limitation in DeFi: rigidity. Existing, established competitors like Uniswap offered liquidity only in pools constrained to two assets at an equal 50:50 ratio. As DeFi evolved rapidly, this setup no longer met the needs of savvy users.
Key Features That Made Balancer Stand Out
- Smart pools: The protocol’s pools were one of a kind, offering customizable fees, token weights, and dynamic rebalancing. These aspects were either triggered algorithmically or through governance measures.
- Liquidity mining: Users were rewarded beyond collected fees for staking liquidity in pools through the BAL token and via third-party returns in specialized boosted pools. These incentives supercharged adoption, attracting users in droves from competitors.
- Composable implementation: Balancer’s architecture integrated popular lending implementations like Aave and Yearn, enabling users to unlock yield-bearing tokens that were unavailable on said platforms.
- Governance: A year after the protocol’s launch, BAL holders could call the shots regarding its treasury and roadmap, ensuring total DAO governance.
Balancer promised DeFi users a utopia like no other. Unprecedented flexibility, enormous rewards, community-led governance, and numerous integrations made it a formidable contender to any AMM DEX at the time. But all these moving parts introduced unneeded complexity. Each of them bred new risks, making it open season for attackers.
The Breaking Point—What Went Wrong
Exploit after exploit chewed away at trust. Balancer failed to keep up.
The Read-Only Reentrancy Attack
In June 2020, Balancer’s vaults, which were integrated with a specialized yield-bearing wrapper, specifically the ERC-4626 token, exposed serious vulnerabilities. Essentially, attackers could manipulate balances mid-transaction using the Aave-related aToken and Yearn-related yToken; Balancer assumed that pool state could not change while such a call was in flight, but that was not the case.
About $500,000 was drained as a result. The protocol failed to update its threat model to address the new attack vectors introduced by its innovative boosted pools, the very feature behind its massive adoption in the first place.
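To make the mechanism concrete, here is an added illustration in Solidity; it is not Balancer’s code, and the Pool and RateConsumer contracts and their functions are hypothetical. It shows a pool whose per-share rate view is stale while an exit is still in flight, beside an integrating contract that refuses to price shares until the pool’s reentrancy lock is clear.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical pool (not Balancer's code). Shares are backed by ETH held here.
contract Pool {
    uint256 public totalShares;
    uint256 private _lock = 1; // 1 = idle, 2 = inside a state-changing call

    modifier nonReentrant() {
        require(_lock != 2, "reentrant");
        _lock = 2;
        _;
        _lock = 1;
    }

    constructor() payable { totalShares = msg.value; }

    // Rate in wei per share (1e18 = one ETH per share). During exit(), after the
    // ETH leaves but before totalShares is reduced, this view returns a stale,
    // too-low value even though the pool itself is guarded by nonReentrant.
    function rateOf() public view returns (uint256) {
        return totalShares == 0 ? 0 : address(this).balance * 1e18 / totalShares;
    }

    // Lets other contracts detect that a call into this pool is still in flight.
    function locked() external view returns (bool) { return _lock == 2; }

    function exit(uint256 shares) external nonReentrant {
        require(shares > 0 && shares <= totalShares, "bad amount");
        uint256 amount = address(this).balance * shares / totalShares;
        (bool ok, ) = msg.sender.call{value: amount}(""); // external call first
        require(ok, "transfer failed");
        totalShares -= shares;                            // bookkeeping after
    }
}

// Hypothetical integrator that prices pool shares, e.g. as lending collateral.
// The locked() check is the defensive step: it reverts instead of consuming a
// rate observed while the pool is mid-transaction.
contract RateConsumer {
    Pool public immutable pool;

    constructor(Pool p) { pool = p; }

    function safeRate() external view returns (uint256) {
        require(!pool.locked(), "pool in reentrant state");
        return pool.rateOf();
    }
}
```

The pool could also be written to reduce totalShares before sending ETH (checks-effects-interactions); the consumer-side check matters because an integrator cannot assume every pool it reads from does so.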
The Boosted Pool Vulnerability
Not an attack, at least not initially: in August 2023, Balancer revealed that it had identified a concerning risk and froze its boosted pools, urging liquidity providers (LPs) to withdraw their funds. Although emergency measures were taken in a rush, over $200 million was on the line for cybercriminals to ransack.
Users rightfully questioned how a flaw of this scale could exist, especially when robust audits should have flagged it. It turned out that proposals for deeper audits had been declined by Balancer’s DAO months earlier due to cost concerns.
Active Exploit
Not long after the protocol disclosed that it had spotted a vulnerability and taken measures to rectify it, attackers swooped in to make off with $900,000 on August 27. Considering Balancer had supposedly addressed these cracks, the community questioned how the Balancer boosted pool hack could occur. It was preventable; the protocol failed to take the right action.
The attacker continues with his operation, approx $900K affected, more than $600K moved to this address 0xB23711b9D92C0f1c7b211c4E2DC69791c2df38c1
Meir Dolev (@Meir_Dv), August 27, 2023
Other Incidents That Eroded Trust
The issues were spread far and wide; other incidents also unfolded in Balancer’s past. For instance, Balancer failed to set the right parameters for its pools, leaving room for price manipulation. Beyond that, attackers launched flash loan exploits by gaming arbitrage mechanics and draining liquidity from pools. Questionable occurrences didn’t end there: rogue DAO members were able to launch rug pulls through custom public pools they deployed. The lack of audits allowed them to swindle unsuspecting LPs.
The Fallout—Damage to Protocol, Users, and Trust
As users lost about $3 million collectively, with over $10 million at risk due to poor practices by Balancer, the project suffered tremendous reputational damage. Hacks are common among DeFi protocols, but repeated failures that prompted no acceptance of responsibility from the core team were hard for the community to accept.
Late 2023 marked the Balancer TVL drop, a decline to below $600 million from the more than $3.5 billion the protocol had boasted a couple of years earlier. While much of it could be attributed to market forces and the BAL token collapse, new entrants like Maverick and Ambient siphoned away its users. Established platforms like Curve and Uniswap, thanks to their robust functioning, also drew away Balancer’s users while retaining their own despite the new projects entering the market.
Amid all the chaos, when key contributors had to act, proposals saw low voter turnout and slow deliberation, with audits, emergency pool freezes, and structural reforms to the Balancer DAO all stalled. The DAO was criticized by its wider community for inaction, for hiding behind experimentation, and for moral hazard, while its users bore the brunt.
Naturally, many independent security auditors collaborating with the platform cut ties and accused the DAO structure of being unable to make immediate decisions and not prioritizing user protection.
The Analysis—Why Did Balancer Fail?
Balancer’s rise was undercut by threats that were addressable. Let’s take a closer look.
Complexity Without Guardrails
The protocol’s open design ensured that anybody could deploy pools. This turned out to be a nightmare, considering there were no automated safeguards in place and its auditing processes were subpar. Better checks could have prevented issues from arising.
Overconfidence in Composability
Balancer’s continuous integrations proved to be its downfall. The project saw massive adoption by offering better yields, but left security unchecked. Aave and Yearn changed their behavior to maintain robustness, but Balancer didn’t keep up, and its pools became unstable.
Underestimated Threat Modeling
The protocol did not suffer from zero-day exploits. All of them were foreseeable weaknesses in its design. Security measures addressed the core contracts but left edge cases unaddressed, allowing attackers to victimize LPs.
Inadequate Governance
Community-led decision-making is a core tenet of DeFi. However, DAOs must be structured to enable immediate action. None of this was realized, so days passed before the measures needed to close security gaps could be taken.
Moral Hazard and Incentives
At the end of the day, Balancer operated only as infrastructure while claiming to be community-focused. It offered high yields but left users to absorb all the risk. The financial losses fell on LPs, not on the protocol itself.
Lessons for the Crypto Ecosystem
If there’s anything good that came out of the Balancer saga, it was the lessons that the crypto landscape can adopt.
Composability ≠ Safety
Protocols may integrate numerous layers to showcase and offer yields. In theory, that’s great if security measures balance out the risks. But increased composability breeds growing complexity, leaving a major question to be asked: should projects really rely on so many integrations?
Security Must be Continuous
Even when thorough audits are conducted, they are only snapshots of security at a point in time. True robustness emerges from ongoing reviews, rapid patches, round-the-clock monitoring, and appropriate risk modeling.
Permissionless Deployments Need Better Tooling
If protocols allow users to deploy their own use cases, automated audits, safety warnings, and circuit breakers must be implemented. Without the necessary safeguards, it’s havoc waiting to happen.
Governance Must Be Agile
When DAOs manage millions in treasuries, fast-tracking security measures is the need of the hour. That can come via emergency councils and delegated authorities. Without such measures, decision-making is delayed, by which time attackers will already have dipped their hands into the pot.
Transparency Must Include Communication
Projects must institute digestible warnings, risk dashboards, and post-mortems for developers and users alike. Sticking to technical repositories doesn’t cut it in risky financial landscapes.
Innovation Debt Is Real
With each new feature deployed, innovation debt accrues in the form of security, monitoring, and governance overhead. If innovation outgrows capacity, safety takes a hit, and the debt is repaid another way: through exploits.
Balancer: A Protocol Too Smart for Its Own Good?
What happened with Balancer may look like a series of exploits doing all the damage. But it’s more than that. It’s the story of an implementation that grew too complex and aimed for too much without the right diligence. The protocol became a victim of its own success; the composability it was celebrated for led to the risks that tore it down.
The betrayal at play was more than bad actors taking turns exploiting vulnerabilities, though that alone highlights the extent of composability risk in crypto. It was systemic: governance processes that could not keep up with smart pool vulnerabilities, and security measures that failed to address the openness the protocol provided.
The Balancer protocol controversy is etched in stone. Whether the AMM DEX can rise back to glory remains a question.