Mitigation of a Vulnerability in Balancer Affecting Gyro Proto

FTL Labs, published in gyroscope-protocol, Feb 7, 2023

tl;dr: a vulnerability in the Balancer v2 vault could have enabled an exploit affecting Gyro Proto reserve assets. No funds were lost. The Gyro Proto design would have limited the extent of an exploit. FTL Labs deployed a temporary workaround until Balancer’s permanent fix was available.

Overview

On 24/01/2023, after the deployment of Gyro Proto, we were informed of a vulnerability affecting the Balancer vault contract. This vulnerability could allow a user to trigger an ETH transfer from the Balancer vault in the middle of a vault operation, which should have been impossible, enabling reentrancy attacks on contracts integrating with Balancer.

This affects Gyro Proto as it holds reserve assets in CLPs, which are Balancer pools. The vulnerability could have allowed an attacker to drain funds from the Gyro Proto reserve via a reentrancy attack.

Specifically, an attacker could have entered a re-entrant state in which the inferred price of the LP shares of any one reserve pool is manipulated; minting or redeeming p-GYD in that state would then have required or yielded an incorrect number of LP shares for a given p-GYD amount.

Response and Remediation

Upon notification of the vulnerability, FTL Labs immediately deployed a temporary workaround to prevent exploitation until Balancer provided their official fix. Our development team worked closely with Balancer to ensure that the temporary fix was adequate and the later, permanent fix was correctly deployed. We deployed the permanent fix on 02/06/2023.

Impact

The vulnerability could have enabled an attacker to steal funds from the Gyro Proto reserve. Several factors would have reduced the profitability of such an attack:

(1) Gyro Proto was primarily deployed for code testing and only had a TVL of ~3,000 USD when notified of the vulnerability.

(2) Balancing conditions enforced by the Gyro Proto reserve would have required an attacker to proceed in a sophisticated way.

(3) By design, in a larger TVL setting, Gyroscope in/out-flow circuit breakers (see here, section 4.2) would have detected abnormal activity and paused reserve activity to protect against unknown unknowns.

Technical description of the vulnerability

Balancer’s disclosure of this vulnerability is available here.

The vulnerability concerns the Balancer Vault contract, which is the central entry point for traders to swap tokens and for LPers to enter/exit positions in the Balancer pools. By including ETH in their transaction, an attacker could enter a re-entrant state where the pool’s internal accounting had updated according to the added/removed liquidity but the pool’s balances had not.

Since the LP share price is computed as a function of the reserve balances, divided by the amount of outstanding LP shares, an attacker could redeem an amount of p-GYD for an excessive amount of LP shares as follows:

Step 1: Add liquidity to one of the reserve pools and enter a re-entrant state. The pool’s totalSupply() will have increased, but the pool assets will not, so that the inferred LP share price is under-estimated.

Step 2: Redeem p-GYD against the manipulated reserve vault to receive more LP shares than the p-GYD are actually worth. Note that, due to the balancing conditions enforced by Gyro Proto and the need to manipulate one pool at a time, multiple rounds of specific minting and redemption operations would have been required to successfully drain any significant portion of reserve funds.

An inverse variant of the exploit (minting p-GYD for an excessively small amount of LP shares) would also have been possible.

Mitigation

To mitigate the exploit, a temporary fix was deployed first: LP share prices are computed from a proxy value called lastInvariant, which is updated at the same time as totalSupply(), rather than from the pool balances. This introduces a small inaccuracy in the accounting for fees but prevents the vulnerability from being exploited. Later, this was replaced by a direct check for re-entrancy against the Balancer vault itself.
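The following Python model is an added illustration of the two-step exploit described in the technical section and of the two mitigations described here; it is not code from FTL Labs, Gyroscope or Balancer. It models a single 50/50 constant-product pool with constructed balances and prices, mints shares before the vault credits the deposited tokens (the window the text describes), and prices a share three ways from inside that window: from balances (the flawed oracle), from a lastInvariant proxy (the temporary fix), and behind an in-vault-context guard (standing in for the direct check against the vault). The pool semantics and all numbers are simplifying assumptions.

```python
from dataclasses import dataclass
from math import sqrt


@dataclass
class Pool:
    """Toy two-token 50/50 constant-product pool (constructed, not Balancer code)."""
    balances: list            # token balances as the vault holds them
    prices: list              # external reference price per token (constructed)
    total_supply: float       # outstanding LP shares
    last_invariant: float     # sqrt(x*y) recorded at the last join/exit
    in_vault_context: bool = False   # True while a vault join/exit is mid-flight

    def value_from_balances(self):
        return sum(b * p for b, p in zip(self.balances, self.prices))

    def value_from_invariant(self):
        # For a 50/50 pool, value = x*p0 + y*p1 = 2*sqrt(x*y)*sqrt(p0*p1).
        return 2.0 * self.last_invariant * sqrt(self.prices[0] * self.prices[1])


def share_price_from_balances(pool):
    """Original oracle: balances / totalSupply (wrong inside the reentrancy window)."""
    return pool.value_from_balances() / pool.total_supply


def share_price_from_invariant(pool):
    """Temporary fix: lastInvariant / totalSupply, both updated in the same step."""
    return pool.value_from_invariant() / pool.total_supply


def share_price_guarded(pool):
    """Permanent fix (modelled): refuse to price shares while a vault operation runs."""
    if pool.in_vault_context:
        raise RuntimeError("vault operation in progress; price query rejected")
    return share_price_from_balances(pool)


def join_pool(pool, amounts, callback=None):
    """Proportional join in the order that created the window: shares are
    minted (totalSupply and lastInvariant updated), a callback may run, and
    only then does the vault credit the balances."""
    ratio = amounts[0] / pool.balances[0]
    if abs(amounts[1] / pool.balances[1] - ratio) > 1e-12:
        raise ValueError("only proportional joins are modelled")
    minted = pool.total_supply * ratio
    pool.in_vault_context = True
    pool.total_supply += minted
    pool.last_invariant *= 1.0 + ratio
    observed = callback(pool) if callback else None   # the reentrancy window
    pool.balances = [b + a for b, a in zip(pool.balances, amounts)]
    pool.in_vault_context = False
    return minted, observed


def collect_swap_fee(pool, fee_amounts):
    """Swap fees accrue to balances but not to lastInvariant until the next
    join/exit: the small accounting inaccuracy the temporary fix accepted."""
    pool.balances = [b + f for b, f in zip(pool.balances, fee_amounts)]


def make_pool():
    # Constructed sample: 100/100 balances, both tokens priced at 1.0,
    # 100 shares outstanding, so each share is honestly worth 2.0.
    return Pool(balances=[100.0, 100.0], prices=[1.0, 1.0],
                total_supply=100.0, last_invariant=100.0)


def price_observations():
    """Price a share three ways from inside the join window, then after it."""
    pool = make_pool()

    def observe(p):
        try:
            guarded = share_price_guarded(p)
        except RuntimeError:
            guarded = "reverted"
        return {
            "balances_mid_join": share_price_from_balances(p),
            "invariant_mid_join": share_price_from_invariant(p),
            "guarded_mid_join": guarded,
        }

    _, mid = join_pool(pool, [100.0, 100.0], callback=observe)
    mid["balances_after_join"] = share_price_from_balances(pool)
    collect_swap_fee(pool, [1.0, 1.0])
    mid["balances_after_fee"] = share_price_from_balances(pool)
    mid["invariant_after_fee"] = share_price_from_invariant(pool)
    return mid


if __name__ == "__main__":
    for key, value in price_observations().items():
        print(f"{key:>22}: {value}")
```

Inside the window the balance-based oracle reports half the honest share price (totalSupply doubled, balances not yet), which is exactly the under-estimate that Step 1 relies on; the invariant-based price stays correct because lastInvariant moved with totalSupply, and the guarded oracle refuses to answer at all. After a swap fee accrues, the invariant-based price lags the balance-based one slightly, which is the accounting inaccuracy the temporary fix traded for safety.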

Takeaways

  • Even given otherwise functional code, secondary and tertiary safety measures are important to protect against unknown unknowns, such as composability risk resulting from the interaction with other protocols.
  • Gyroscope’s flow circuit breakers are one such mechanism and they would have protected the system in a higher-TVL scenario.
  • In any case, constructive and responsible interaction between protocol developers — such as the Balancer team’s cooperation in this case — is important to mitigate the potential effects of vulnerabilities.
