Divide-before-multiply pattern
Balancer (v2 + v3)'s assessment for RD-F-016 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
The Nov 2025 exploit involved a rounding-direction error in `FixedPoint.mulDown()` within `_upscaleArray`, which is analogous to the divide-before-multiply class (precision loss favoring the attacker). Certora's post-exploit analysis confirmed it 'rounded down when it should have been rounded up.' Although this is not a literal Slither divide-before-multiply detector hit, the underlying precision-direction issue is the same root cause. This class of arithmetic precision error has caused two exploits (2023 $2.1M, 2025 $128M). No published Slither finding specific to divide-before-multiply is available; the factor is scored yellow based on confirmed exploit evidence of the same pattern.
Sources
- Certora: Breaking Down the Balancer Hack. https://www.certora.com/blog/breaking-down-the-balancer-hack (retrieved 2026-05-05)
- Check Point Research: _upscaleArray mulDown exploitation mechanism. https://research.checkpoint.com/2025/how-an-attacker-drained-128m-from-balancer-through-rounding-error-exploitation/ (retrieved 2026-05-05)
Methodology
Determine whether Slither's `divide-before-multiply` detector fires on the deployed verified source.
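An added Python illustration (not the project's or Slither's code) of the pattern this methodology targets, next to the rounding-direction case from the evidence summary. The 18-decimal scale, function names and sample values are assumptions made for the example; in this model `mul_down` multiplies before dividing, so it is not the divide-then-multiply shape, yet it can still undershoot `mul_up` by one raw unit.

```python
# Added illustration, not Balancer or Slither code. Names and values are constructed.
from fractions import Fraction

ONE = 10**18  # 1.0 in an 18-decimal fixed-point model (assumed scale)


def mul_down(a: int, b: int) -> int:
    """Fixed-point product rounded down: multiply first, one truncating division."""
    return (a * b) // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point product rounded up (ceiling of the exact product)."""
    return -((-(a * b)) // ONE)


def divide_then_multiply(a: int, b: int, c: int) -> int:
    """The shape the detector looks for: truncation happens before scaling by c."""
    return (a // b) * c


def multiply_then_divide(a: int, b: int, c: int) -> int:
    """Reordered form with a single truncation at the end."""
    return (a * c) // b


def rounding_gap(a: int, b: int) -> int:
    """Raw units by which mul_down undershoots mul_up (0 or 1)."""
    return mul_up(a, b) - mul_down(a, b)


def relative_loss(a: int, b: int) -> Fraction:
    """rounding_gap as a fraction of the rounded-up result."""
    up = mul_up(a, b)
    return Fraction(rounding_gap(a, b), up) if up else Fraction(0)


if __name__ == "__main__":
    factor = 105 * 10**16  # constructed scaling factor of 1.05
    print(divide_then_multiply(1000, 3, 7), multiply_then_divide(1000, 3, 7))
    print(mul_down(9, factor), mul_up(9, factor), relative_loss(9, factor))
    print(relative_loss(9 * ONE + 9, factor))
```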