defirisk.co
rubric v1.7.0

Circuit breaker on price deviation

Balancer (v2 + v3)'s assessment for RD-F-057 — scored red on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary

No circuit breaker on rate provider outputs in v2 or v3. Rate values returned by rate providers (Aave, wstETH, ERC-4626, Chainlink) are accepted without any deviation guard relative to a reference source. v2 ComposableStablePool implements a rate cache with configurable cache duration (preventing stale reads) but this is NOT a deviation circuit breaker — it does not reject rates that deviate abnormally from prior values. No maxDeviationBps or priceGuard pattern found in Balancer v2 or v3 core contracts.

Detail

Template: red = no circuit breaker. The November 2025 $128M exploit involved rounding-direction errors in Stable Math (not oracle circuit breaker failure per se), but the absence of a circuit breaker on rate values was a contributing structural factor — the protocol accepted manipulated pool states unconditionally.

Sources

Methodology

Determine whether the protocol halts or reverts if the oracle-reported price deviates by more than X% from a reference within Y blocks.
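
The difference between a cache-duration check and the deviation check this factor looks for, modelled in Python as an added example. It is not Balancer code: the class names, the thresholds (50 bps within 10 blocks) and the rate series are constructed assumptions.

```python
# Added illustration: hypothetical names, not Balancer code.
BPS = 10_000

class RateDeviationHalt(Exception):
    """Stands in for an on-chain revert."""

class StalenessOnlyCache:
    """Cache-duration model: refreshes when expired, never bounds the new value."""
    def __init__(self, rate, block, cache_duration):
        self.rate, self.block, self.cache_duration = rate, block, cache_duration

    def get_rate(self, provider_rate, block):
        if block - self.block >= self.cache_duration:
            self.rate, self.block = provider_rate, block  # accepted unconditionally
        return self.rate

class DeviationGuard:
    """Halts if a rate moves more than X bps from a reference at most Y blocks old."""
    def __init__(self, rate, block, max_deviation_bps, window_blocks):
        self.ref_rate, self.ref_block = rate, block
        self.max_deviation_bps, self.window_blocks = max_deviation_bps, window_blocks

    def get_rate(self, provider_rate, block):
        fresh = block - self.ref_block <= self.window_blocks
        # Integer math only: |new - ref| * 10_000 / ref, rounded up so the
        # rounding direction can never hide a breach.
        diff = abs(provider_rate - self.ref_rate)
        deviation_bps = -(-diff * BPS // self.ref_rate)
        if fresh and deviation_bps > self.max_deviation_bps:
            raise RateDeviationHalt(f"{deviation_bps} bps at block {block}")
        # Assumption: an expired reference is re-anchored without a check.
        self.ref_rate, self.ref_block = provider_rate, block
        return provider_rate

# Constructed sample: (block, 18-decimal rate); the third reading is an abnormal jump.
SAMPLE = [(105, 1_050_100 * 10**12), (110, 1_050_200 * 10**12),
          (115, 1_500_000 * 10**12), (120, 1_050_300 * 10**12)]

def replay(source, readings):
    """Feed readings to a rate source; record each returned rate or 'HALT'."""
    out = []
    for block, rate in readings:
        try:
            out.append(source.get_rate(rate, block))
        except RateDeviationHalt:
            out.append("HALT")
    return out
```

Replaying `SAMPLE` through both models from the same starting rate shows the cache returning the abnormal reading as soon as its duration expires, while the guard halts on it and resumes on the next in-range reading.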


rubric_version: v1.7.0 | protocol: balancer | factor: RD-F-057 | score: red | collected_at: 2026-05-05 12:41:36