Odaily Planet Daily reports that Balancer has released a preliminary report on the exploit of its V2 platform. According to the report, Balancer V2's composable stable pools were attacked on multiple chains (including Ethereum, Base, Avalanche, Polygon, and Arbitrum) on November 4th. The vulnerability stems from a rounding logic error in the handling of EXACT_OUT transactions within batchSwap: when the scaling factor is a non-integer value, the function rounds down, allowing attackers to manipulate pool balances and withdraw assets.
The incident affected only Balancer V2's composable stable pools; Balancer V3 and other pool types were unaffected. The Balancer team, together with security partners and white-hat teams, acted swiftly, containing the attack and recovering some assets through measures such as Hypernative automatic suspension, asset freezing, and white-hat intervention under the SEAL framework. Balancer added that it is working with security partners such as SEAL and zeroShadow on cross-chain tracing and fund recovery. The final verified loss and recovery figures will be published in a full technical review report. Balancer reminds users to rely only on confirmed information from official Balancer channels, and states that V3 and non-stable pool operations remain safe.
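The rounding behaviour described in the first paragraph can be checked as a property test. The following is an added example, not Balancer's code: it assumes 18-decimal fixed-point scaling factors, and the helper names and sample values are constructed for illustration. It audits whether scaling an exact-out amount ever records less than the exact product, comparing round-down with round-up.

```python
ONE = 10**18  # assumption: 18-decimal fixed point, so 1.0 is stored as 10**18

def mul_down(a: int, b: int) -> int:
    """Fixed-point product a*b/ONE, truncated (rounded down)."""
    return a * b // ONE

def mul_up(a: int, b: int) -> int:
    """Fixed-point product a*b/ONE, rounded up to the next whole unit."""
    return -(-(a * b) // ONE)

def understated(amount_out: int, factor: int, scale) -> bool:
    """True if `scale` records less than the exact value amount_out*factor/ONE."""
    return scale(amount_out, factor) * ONE < amount_out * factor

def audit(scale, factors, amounts):
    """Return every (amount, factor) pair whose scaled output is understated."""
    return [(a, f) for f in factors for a in amounts if understated(a, f, scale)]

# Constructed sample values, not taken from any real pool.
INTEGER_FACTORS = [ONE, 10**12 * ONE]                 # 1.0 and 1e12
NON_INTEGER_FACTORS = [ONE + ONE // 20,               # 1.05
                       1_058_132_408_689_971_699]     # rate-like value
AMOUNTS = [1, 7, 19, 10**6 + 3, 10**18 + 1]

if __name__ == "__main__":
    for name, scale in (("round down", mul_down), ("round up", mul_up)):
        for label, factors in (("integer", INTEGER_FACTORS),
                               ("non-integer", NON_INTEGER_FACTORS)):
            bad = audit(scale, factors, AMOUNTS)
            print(f"{name:10} {label:11} factors: {len(bad)} understated outputs")
```

With integer factors both rounding modes are exact; only the combination of a non-integer factor and rounding down understates the output the pool accounts for, which is why rounding direction for exact-out amounts is chosen in the pool's favour.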
