Vulnerability Disclosure
We were notified of an issue in Stable Pools and Managed Pools thanks to a benevolent hacker who disclosed the vulnerability through our bug bounty program.
š No user funds are at risk insofar as the exploit can only be executed by Pool owners or Balancer Governance šš
Head to the Balancer forum for the full update and plan of action:
forum.balancer.fi/t/vulnerability-disclosure/3179
We would again like to emphasize that no user funds are at risk insofar as the exploit can only be executed by Pool owners or Balancer Governance. Balancer Governance is composed of known and vetted participants in the Balancer ecosystem.
In particular, Balancer Governance on Ethereum Mainnet (the network that holds the vast majority of funds) is represented by a 6-of-11 multi-sig owned by reputable members of the Web3 community.
Read more about the multi-sig: docs.balancer.fi/ecosystem/governance/multisig
It has been a big week for bug reports. Our bug bounty program continues to make Balancer Protocol safer and more secure for our users thanks to White Hat hackers. We continue to encourage the search for any vulnerabilities in the Balancer code.
docs.balancer.fi/security/bug-bounties
We will post an update as soon as the hacker is paid their Balancer bounty in conjunction with our friends at @beethoven_x who will pay an additional bounty, making the search for vulnerabilities an even more lucrative pursuit.
medium.com/balancer-protocol/beethoven-x-joins-balancer-labs-bug-bounty-program-b11f18d20655
You can read the unrolled version of this thread here: typefully.com/BalancerLabs/DFtFCcQ