defirisk.co
rubric v1.7.0

Value DeFi: Bancor Power Function Misuse (Weighted AMM Invariant Bypass)

Value DeFi lost $11M — its third hack in six months — because its weighted AMM used a Bancor power function with an undocumented precondition that the swap logic never enforced, letting attackers bypass the invariant entirely on any non-50/50 pool.

Occurred 2021-05-08 Loss $11M Status closed

Summary #

Value DeFi suffered a AMM / Yield Aggregator on 2021-05-08, resulting in a loss of approximately $11M.

What happened #

Value DeFi lost $11M — its third hack in six months — because its weighted AMM used a Bancor power function with an undocumented precondition that the swap logic never enforced, letting attackers bypass the invariant entirely on any non-50/50 pool.

Linked factors #

  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]
  • RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Y — Bancor formula adapted; Uniswap V2 base with weighted pool extension]