Background
The formation of Balancer’s emergency Sub-DAO multisig signers was changed back in June of 2024 via BIP-652. To the ecosystem’s satisfaction there have only been several small instances where the emergency sub-dao has had to act by pausing pools and/or enabling recovery mode. These instances have exclusively been due to exploits or upgrades happening to tokens and have not pertained to the security of any Balancer smart contracts. The purpose of this post is to expand on the details of the most recent transactions executed by the emergency sub-dao multisigs across all Balancer deployments. Furthermore, we will continue to give updates on at a minimum a quarterly basis if any actions are taken by our group.
Mainnet Transactions
Shezmu Exploit
Nonce 19 - ShezETH/wstETH. Due to an infinite collateral minting bug, the ShezETH asset was minted excessively, and any pools in which it was paired against valuable assets could be swapped through and drained. The DAO Multisig was able to pause this pool, in turn preserving the funds of those LPs, as the exploiter did not drain the pool before the pause was enacted. While recovery mode was activated (Nonce 20) for LPs to exit afterwards, the ShezETH token was paused by the Shezmu team, which has since redeployed it. Their team deployed migration contracts to allow users to unpause and exit atomically, while others chose to leave the pool via internal balances. Ultimately this issue did not result in a total loss to Balancer LPs, but a partial loss on any ShezETH which was no longer redeemable 1:1 for ETH.
Lastly, Nonce 21 was used to kill the ShezETH and ShezUSD gauges. ShezUSD/sDAI was past the pause window for ComposableStablePool v5 and could not be paused at the time of this issue.
Related communications from Shezmu.
QuillAudits Deep Dive.
Mellow tren stETH Rate Provider Upgrade
Nonce 22 - Mellow protocol, as a close partner of Balancer, has had several deployments throughout Balancer v2, and now v3. During their migration process to Balancer v3, the Mellow team notified Balancer contributors of underlying upgrades occurring on their rate provider contracts. Essentially, the getRate function would revert on several assets in the tren stETH pool. While inherently this would make all swaps revert, in order to exercise maximum caution the emergency sub-dao enabled recovery mode on this pool. This means rates would be ignored, and liquidity providers would be able to exit proportionally in a seamless way. No funds were lost during this migration and upgrade.
Optimism
Bedrock uniBTC Exploit
Nonce 9 - BeethovenX’s uniBTC-wBTC pool was paused due to an exploit in the uniBTC contract. The pool was relatively small, holding under $100,000 in assets; however, the exploiter was faster than the emergency sub-dao, resulting in a near total loss for liquidity providers. The exploit itself was due to a minting issue in the restaking contracts, where 1 ETH could be used to mint an equivalent of 1 uniBTC, resulting in a large net gain for the minter/exploiter. The minted uniBTC was then swapped through various DeFi protocols, resulting in losses for many.