Euler Hack Post-Mortem

Preface

The Euler Boosted Pool (bb-e-USD) is a stable pool containing three linear pool tokens. Each linear pool facilitates swaps between two correlated tokens along a linear price curve. The three linear pools in the Euler Boosted Pool were bb-e-dai, bb-e-usdc and bb-e-usdt, each of which held the base asset alongside its eToken counterpart (e.g. bb-e-usdt = USDT & eUSDT). The goal of a boosted pool is to keep enough unwrapped liquidity on hand to service swaps while the remainder of the pool's liquidity sits in a yield-bearing strategy, in this case eTokens.
Read more about Boosted Pools here

Incident

On March 13, members of the Emergency subDAO were informed of an active exploit of the Euler lending protocol. At the time, the Boosted Euler Stablepool (bb-e-USD), a stableswap 3pool in which a portion of deposits is held as the corresponding eTokens earning yield on Euler, had around $23m TVL. A third-party post-mortem of the Euler exploit by PeckShield can be found here

As quickly as possible, the affected pools were paused and put into recovery mode, which blocks joins and swaps while still allowing users to withdraw their liquidity.

Listed below are the balances of each linear pool at the time of the Euler exploit (block 16817996) and the balances remaining in the pools after the pause.

  • bb-e-usdc

    • Block 16817996: 4,964,853.00 USDC & 5,929,843.00 eUSDC
    • Current: 3,039,618.11 USDC & 5,929,843.00 eUSDC
  • bb-e-usdt

    • Block 16817996: 1,883.00 USDT & 1,041,171.85 eUSDT
    • Current: 200.07 USDT & 1,041,171.85 eUSDT
  • bb-e-dai

    • Block 16817996: 6,308,923.00 DAI & 4,930,752.36 eDAI
    • Current: 3,166,824 DAI & 4,930,752.36 eDAI

At the time of the exploit, bb-e-USD held ~$23.2m in liquidity, ~$12m of which was deposited in Euler and ~$11.2m of which was held in the Balancer Vault by the linear pools themselves. Approximately two-thirds of the bb-e-USD supply was itself deposited in other pools, the most relevant being:

  • 50wstETH-50bb-euler-USD
  • DOLA-bb-e-USD-BPT
  • 50TEMPLE-50bb-euler-USD
  • 50rETH-50bb-euler-USD

As a direct consequence of the exploit, and assuming eDAI, eUSDC and eUSDT are worth $0, LPs in those pools lost between 15% and 52% of the value of their positions. Before the Balancer team learned of the exploit, some LPs reacted to the news by withdrawing their positions in a single asset, effectively dumping their share of bb-e-USD into those pools and pushing the remaining LPs' losses to between 34% and 66% (again assuming the eTokens are worth $0).
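To see why a single-asset exit by one LP worsens the loss of everyone who stays, the following is an added example (not Balancer's code) modelling a constructed 50/50 constant-product pool, such as 50wstETH-50bb-euler-USD, with no swap fee. The pool keeps pricing bb-e-USD off its balances, i.e. near par, even though its post-exploit value is closer to $11.2m / $23.2m per unit if the eTokens are worth nothing (the $11.2m and $23.2m figures are from the post; the starting balances, BPT supply and the staying LP's holding are assumptions for the example). A single-asset exit is modelled as a proportional exit followed by selling the bb-e-USD half back into the pool, which is what the pool does internally.

```python
from dataclasses import dataclass
from fractions import Fraction

# Assumed post-exploit value of one bb-e-USD if every eToken is worth $0:
# ~$11.2m of ~$23.2m was still held as DAI/USDC/USDT in the Vault (figures from the post).
BB_E_USD_PRICE = Fraction(112, 232)


@dataclass
class ConstantProductPool:
    """Constructed 50/50 x*y=k pool (no swap fee) pairing an unaffected token with bb-e-USD.
    Balances are denominated in USD at pre-exploit prices, so both sides start equal."""
    good: Fraction        # unaffected token, e.g. wstETH
    bad: Fraction         # bb-e-USD
    total_bpt: Fraction   # pool token supply

    def exit_proportional(self, bpt):
        share = bpt / self.total_bpt
        g, b = self.good * share, self.bad * share
        self.good -= g
        self.bad -= b
        self.total_bpt -= bpt
        return g, b

    def swap_bad_for_good(self, bad_in):
        # constant product: the pool only knows its balances, not the eToken write-down
        k = self.good * self.bad
        new_bad = self.bad + bad_in
        out = self.good - k / new_bad
        self.good -= out
        self.bad = new_bad
        return out

    def exit_single_asset_good(self, bpt):
        """Single-asset exit = proportional exit, then selling the bb-e-USD half into the
        pool at near par. The exiter offloads their impaired share onto whoever remains."""
        g, b = self.exit_proportional(bpt)
        return g + self.swap_bad_for_good(b)

    def value_of(self, bpt, bad_price=BB_E_USD_PRICE):
        share = bpt / self.total_bpt
        return share * (self.good + self.bad * bad_price)


def remaining_lp_loss(early_exit_pct):
    """Fractional loss of an LP who stays in the pool when `early_exit_pct` percent of the
    BPT supply exits single-sided into the good token before the pool is paused."""
    pool = ConstantProductPool(Fraction(1_000_000), Fraction(1_000_000), Fraction(2_000_000))
    held = Fraction(100_000)                                   # the staying LP's BPT (assumed)
    before = pool.value_of(held, bad_price=Fraction(1))        # pre-exploit value
    pool.exit_single_asset_good(pool.total_bpt * Fraction(early_exit_pct, 100))
    after = pool.value_of(held)                                # eTokens written down to $0
    return 1 - after / before


if __name__ == "__main__":
    for pct in (0, 10, 20):
        print(f"{pct}% of BPT exited single-sided first -> "
              f"remaining LP loss {float(remaining_lp_loss(pct)):.1%}")
```

With nobody exiting early the staying LP loses half of the bb-e-USD write-down (about 26% in this toy pool); each early single-sided exit sells near-worthless bb-e-USD into the pool at par and pushes that number up. Pausing the pool and forcing proportional (recovery) exits stops exactly this transfer of loss between LPs.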

With the pools in emergency pause and recovery mode, funds were secured and no further value could leak to arbitrageurs. The Balancer UI was quickly updated to handle recovery exits, allowing users to withdraw their liquidity from the pools paired against bb-e-USD.

However, soon after the exploit Euler paused transferability of all eTokens. This made recovery withdrawals from bb-e-USD impossible, since the eToken transfer in the exit would revert. Although we hope these tokens become transferable again so we can support withdrawals immediately, we are prepared to offer an alternative that uses a feature of the Balancer Vault called internal balances: a user can exit a pool to their internal balance, which is Vault-side accounting and involves no on-chain ERC-20 transfer, and then withdraw the transferable assets from the Vault while the eTokens remain credited to their internal balance. No further on-chain action by Balancer governance or the Emergency subDAO is needed for users to withdraw funds this way.

Holders of bb-e-usd, who thereby also hold the individual linear pool tokens above, will be able to claim these assets in proportion to their bb-e-usd holdings once eToken transferability is re-enabled or the UI supports internal-balance withdrawals.
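The two-step path described in the preceding two paragraphs, as an added example that is not Balancer's Vault code: a simplified Python model in which pool balances and users' internal balances are both bookkeeping entries, and tokens only move on an ERC-20 transfer out of the Vault. Only the operation names (a recovery-mode exit via exitPool with toInternalBalance set, and manageUserBalance with WITHDRAW_INTERNAL) follow the real Vault; the pool balances are the post-pause bb-e-dai figures from the post, while the BPT supply, the user and their holding are constructed for the example. It shows the failure mode (a plain exit reverts as a whole because the eDAI transfer reverts) and the workaround (the DAI reaches the wallet, the eDAI stays parked in internal balance until transfers resume).

```python
from dataclasses import dataclass, field
from fractions import Fraction


class TransferPaused(Exception):
    """Stands in for the revert a paused eToken raises on transfer."""


@dataclass(eq=False)  # identity-hashed so tokens can key the pool's balance dict
class Token:
    symbol: str
    paused: bool = False
    balances: dict = field(default_factory=dict)  # holder -> amount

    def transfer(self, src, dst, amount):
        if self.paused:
            raise TransferPaused(f"{self.symbol} transfers are paused")
        if self.balances.get(src, Fraction(0)) < amount:
            raise ValueError(f"{src} lacks {self.symbol}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, Fraction(0)) + amount


@dataclass
class LinearPool:
    bpt_supply: Fraction
    balances: dict  # Token -> amount the Vault holds on the pool's behalf


class Vault:
    """Minimal stand-in for the Balancer V2 Vault (constructed, not the real contract)."""

    def __init__(self):
        self.internal = {}  # (user, symbol) -> amount credited, no ERC-20 moved

    def exit_pool(self, pool, user, bpt_in, to_internal_balance):
        """Recovery-mode exit: proportional, no pool math. The real exit either fully
        succeeds or reverts; the model mirrors that by refusing up front when an
        external exit would have to transfer a paused token."""
        share = bpt_in / pool.bpt_supply
        amounts = {tok: bal * share for tok, bal in pool.balances.items()}
        if not to_internal_balance and any(tok.paused for tok in amounts):
            raise TransferPaused("exit to an external address needs every token to transfer")
        for tok, amt in amounts.items():
            pool.balances[tok] -= amt
            if to_internal_balance:
                key = (user, tok.symbol)  # bookkeeping only, the ERC-20 is never called
                self.internal[key] = self.internal.get(key, Fraction(0)) + amt
            else:
                tok.transfer("vault", user, amt)
        pool.bpt_supply -= bpt_in
        return {tok.symbol: amt for tok, amt in amounts.items()}

    def withdraw_internal(self, user, tok, amount):
        """manageUserBalance(WITHDRAW_INTERNAL): one token per op, so a paused eToken
        does not block the stablecoin credited next to it."""
        key = (user, tok.symbol)
        if self.internal.get(key, Fraction(0)) < amount:
            raise ValueError("insufficient internal balance")
        tok.transfer("vault", user, amount)  # raises TransferPaused for a paused eToken
        self.internal[key] -= amount


def recover(vault, pool, user, bpt_in):
    """Exit to internal balance, then pull out whatever is transferable. Returns what
    reached the wallet and what stays parked in internal balance."""
    vault.exit_pool(pool, user, bpt_in, to_internal_balance=True)
    received, parked = {}, {}
    for tok in pool.balances:
        amt = vault.internal.get((user, tok.symbol), Fraction(0))
        try:
            vault.withdraw_internal(user, tok, amt)
            received[tok.symbol] = amt
        except TransferPaused:
            parked[tok.symbol] = amt
    return received, parked


def build_bb_e_dai():
    """Post-pause bb-e-dai balances from the post; BPT supply is an assumed figure."""
    dai = Token("DAI", balances={"vault": Fraction("3166824")})
    edai = Token("eDAI", paused=True, balances={"vault": Fraction("4930752.36")})
    pool = LinearPool(bpt_supply=Fraction(8_000_000),
                      balances={dai: Fraction("3166824"), edai: Fraction("4930752.36")})
    return pool, dai, edai


if __name__ == "__main__":
    pool, dai, edai = build_bb_e_dai()
    vault = Vault()
    try:  # constructed user "alice" holding 10% of the assumed BPT supply
        vault.exit_pool(pool, "alice", Fraction(800_000), to_internal_balance=False)
    except TransferPaused as e:
        print("plain recovery exit reverted:", e)
    received, parked = recover(vault, pool, "alice", Fraction(800_000))
    print("in wallet:", {k: float(v) for k, v in received.items()})
    print("in internal balance:", {k: float(v) for k, v in parked.items()})
```

The point of the model is the separation of concerns: the exit only updates the Vault's ledger, so it cannot be blocked by a third-party token's transfer hook, and the later withdrawal is per token, so the user chooses which assets to pull. Once eToken transfers resume, the parked eDAI is withdrawn with the same WITHDRAW_INTERNAL step and nothing else has to change.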

Like any liquidity pool without circuit breakers, a pool is only as safe as its least secure token. In this case, the Euler eTokens inside the linear pools no longer represented a claim on any real assets.

Balancer's smart contracts remain secure and unaffected. Linear pools and their boosting capabilities will continue to be offered as a liquidity building block. When building on or interacting with these primitives, it is important to understand that if the source of yield is not secure, the entirety of the linear pool's funds is at risk.

Lessons learned

The Emergency subDAO and the wider ecosystem acted quickly to pause the affected pools and put them into recovery mode, but there is always room for improvement. The following measures will be proposed or taken to reduce response time in similar events:

  • Review the set of permissions granted to the Emergency subDAO to ensure it has the power to pause and put into recovery mode every type of pool
  • Implement infrastructure to automatically track pools and allow pausing procedures to be initiated quickly for lists of pools:
    • deployed by a set of factories; or
    • containing a set of tokens