Vulnerability found in some pools

Balancer Labs received a report of a critical vulnerability affecting a number of pools. We were able to mitigate over 80% of these; the remaining funds at risk represent about 4% of Balancer TVL.

As of the writing of this post, this vulnerability has not been exploited, and no funds have been lost.

In response, the Emergency SubDAO acted to enable proportional exit from all affected pools, and pause any pools still within the pause window.

We believe funds in the mitigated pools (labeled “mitigated”) are safe, but nevertheless strongly recommend timely migration to safe pools, or withdrawal. Pools that could not be mitigated are labeled “at risk”. If you are an LP in any of these pools, please exit immediately.

We’ve provided a personalized page on the user interface to determine whether the connected wallet is an LP in any affected pools, and a streamlined process to guide you through withdrawals.

A post-mortem will be published soon with details of the vulnerability and how it has been addressed.

The full list of pools, for reference, will be provided in a comment on this post. Go to the withdrawal page and connect your wallet to see whether you are affected.

The full list of pools is posted in the Balancer Maxis repo

so base pools unaffected?

Correct, Base pools are unaffected.

What type of pools are vulnerable? We want to make sure forks are not affected.

Are just some boosted pools affected?

Withdrew but didn’t get my WETH back in my wallet. Where do I go to find this?

Hello, same here with Avax

The #support channel on the Balancer Discord is the place to go for technical questions and assistance.

The full list of affected pools is given on the page in the Maxi repo referenced above. We cannot make a full public disclosure while any funds are still at risk.

Thanks to the prompt response of the community, and the ease of migration/withdrawal through the recovery exit page, funds at risk are already down to ~1.5% of the TVL.

Full details will be provided in the post-mortem.

Please note that there is no “BAL claim program”! Disregard any posts making such statements, and do not follow any links.

Check on aave: https://app.aave.com

Hi, i cant enter discord. Balancer discord shows invite expired. I lost part of my funds on avalanche. Pool Savax-Wavax. stataAvaWAVAX to Wavax was lost 70% of my funds. No liquidity. What can i do to recuperate?

Hi. I can’t withdraw my funds from my account, everything freezes when I click the withdrawal button. What should I do?

the discord invite not works. how can i deal my problem of lost funds?

dont think your funds are lost, no one lost funds. Would suggest you visit the aave application and withdraw what you can from there. It takes time to buffer, but just be sure you are on the right network.

tks, it was solved on discord.

На персонализированной странице в пользовательском интерфейсе не получается вывести средства. Страница полностью не загружается. Что делать?

It is not possible to withdraw funds on a personalized page in the user interface. The page does not load completely. What to do?

Hello
I was in the MaticX-bb-a-WMATIC-BPT-gauge pool…when I withdrew/unwrapped, i only received back WMATIC and MATICX…missing the underlying coin and cant remember what it was. I followed all instructions and only received 80% of my total. Is this issue resolved through discord? ANy support is appreciated.