Known-exploit-template selector deployed by any address
Balancer (v2 + v3)'s assessment for RD-F-162 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary #
Known-exploit-template selector deployed by any address | Applicable: Yes — November 2025 exploit technique is publicly documented | The November 2025 attack pattern (batchSwap sequences exploiting _upscaleArray rounding in v2 ComposableStablePool) is fully documented by Check Point Research, Certora, and Trail of Bits. An exploit template targeting this pattern could be deployed against residual v2 CSP pool TVL. Most v2 CSP pools were drained or paused post-exploit, but residual TVL at $115.8M means remaining pool exposure exists. V3 confirmed unaffected by v2 rounding mechanism (Trail of Bits). Beethoven X (Balancer v2 fork) was also affected in November 2025, confirming the exploit template works against forks. No confirmed new exploit-template contract deployment detected in 30-day assessment window via public sources. Yellow: public template exists and residual v2 TVL is potentially exploitable by a re-deployment; requires bytecode-similarity monitoring to confirm or deny active d
Sources #
- URLhttps://research.checkpoint.com/2025/how-an-attacker-drained-128m-from-balancer-through-rounding-error-exploitation/retrieved 2026-05-05
- https://blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/retrieved 2026-05-05
Methodology #
Determine whether any contract has been deployed containing a function-selector pattern matching a known exploit template targeting protocols of this class.
See the full factor methodology and distribution across all protocols →