[Incident report] - Balancer's EURe/sDAI pool on GnosisChain

Unfortunately, and somewhat annoyingly, I need to post this…

On April 7, 2025, we (DeFi France) discovered an issue with the Balancer pool that held most of the liquidity for EURe on GnosisChain. Someone immediately contacted Balancer, who corrected the problem but without making any public announcement about it.

Why discuss this on the Gnosis forum rather than Balancer’s?
Simply because this pool was the primary source of liquidity for GnosisPay and was also used by kpk with funds from the Gnosis DAO.

What’s the problem?
The pool uses an oracle to determine the price of sDAI and EURe. The first and main issue is that this price was only updated every 3 hours, leading to a divergence between the true EURO price and the pool’s EURe price, causing unjustified losses for liquidity providers. This arbitrage led to a significant loss for the pool. I estimated the total loss due to price divergences at $700,000. I should clarify that this amount does not account for transaction fees or slippage; the actual amount lost is closer to $400,000.

The second problem, which caused less loss but is more serious from my perspective, demonstrates a lack of due diligence by those who deployed and used this pool. This is the fact that the EURO price was not updated on weekends. However, a price for the EURO is still easily accessible via CeX, DeX, or even brokers offering derivative contracts. This limitation, due to the functioning of the ChainLink oracle, should have immediately disqualified this pool.

Now that I’ve summarized the problem, we can talk about the core issue.

The incident management by Balancer and kpk is catastrophic.

We first contacted them on April 7, three months ago. No communication has been made to inform the pool’s liquidity providers that the price was previously only updated every 3 hours.
I shared my report privately on May 19, with all the data demonstrating that the problem existed and still partially exists even with the correction of the 3-hour bug.
For the past three weeks, I’ve been assured every few days that communication will arrive, and I just need to wait a few more days.

They decided to re-do the calculations themselves because they disputed the amount of my findings. That’s fine, but it didn’t prevent them from already communicating about the problem the pool encountered (the 3-hour bug) and its limitations (no price on weekends).

I am very frustrated by what Balancer and kpk have done.

You can find the report here => Balancer sDAI/EURe incident report - NolanV

3 Likes

Thanks for the report. From the data, it looks like GnosisDAO was the main counterparty here, would you agree?

I’ve been aware for quite some time that GnosisDAO’s biggest weakness is in its financial governance and operations; this outcome is simply a direct consequence of that.

2 Likes

Thanks for the post.

  • Balancer: Send back all fees earned from the pool while the oracle was broken.
  • @kpk: You coordinated the pool, parked DAO cash in it, and never noticed a 3-hour lag + weekend blackout. Make LPs whole. Also can you clarify if you charged AUM fees and perf on the funds deployed in this pool?

Quick answers needed:

  1. Who picked those oracle settings and signed them off? What DD was done to deploy DAO funds into the pool?
  2. What dashboard/alerts, as part of risk management kpk provides, were monitoring the pool?
  3. Why did you keep this quiet for almost three months? Hoping nobody would notice?

Completely agree. Outsourcing a CFO with hedge fund fees creates completely misaligned incentives. Unfortunately, this has been raised multiple times already without being addressed.

2 Likes

Hey, thanks a lot for your post — I wanted to share my perspective on what happened. This is my personal opinion and does not represent the official views of Gnosis Ltd. or karpatkey.

  • The root issue was correctly diagnosed: a misconfiguration in the oracle caused losses of around $400k. I discovered this around February and immediately flagged it to Balancer, asking them to issue a fix. However, doing so required a DAO vote and a transaction on Mainnet to grant permission to a Safe on Gnosis Chain. This whole process took about two months.

  • At the time, I wrote a query to try to understand the problem. It’s far from perfect, but it clearly showed that something was off. After pushing Balancer to act quickly, it still took them almost two months to execute the necessary transactions — during which LPs lost an additional ~$100k. Unfortunately, this happened to coincide with the Trump tariffs market volatility.

  • I also noticed that Balancer had earned around $100k in fees from this pool, which was a red flag indicating toxic flow.

  • When we first discovered the issue, it was clear LPs were taking losses, but we didn’t believe there was a risk of full capital loss. Given how critical this pool was for Gnosis Pay, we decided to monitor the situation, wait for the fix, and then communicate transparently and let the DAO decide whether LPs should be compensated (personally, I think they should).

  • The fix finally went through on April 7th. Two weeks later, I noticed some continued value leakage. I reviewed the pool settings and found that although the Chainlink feed should update with 0.1% price movements, in practice it was using longer heartbeats. That meant the 0.1% fee was too low, and LPs were still losing money. So, in early May, I asked Balancer to increase the pool fee to 0.25%.

  • Shortly after, I saw NolanV’s report. The data matched my back-of-the-envelope calculations, so I thanked him and agreed we needed to issue comms and discuss possible compensation. I then asked Karpatkey to write a full report, since the issue had been correctly identified. Given Karpatkey’s role — managing liquidity, monitoring DAO positions, and ensuring deep liquidity on Gnosis Chain — it was within their mandate to investigate. However, they kept arguing the figures were wrong and that comparing to Binance spot prices was misleading. I disagree — the general direction of the analysis is sound, and a 10–20% margin of error is acceptable in this context and at these scales. These discussions dragged on for two months, and then NolanV rightfully decided to make the post.

What should happen now:

  • LPs should be made whole. One option is to boost APY for LPs over a 3-month period so they recover their losses. Merkl has already developed a feature that would make only pre-existing LPs eligible (up to a specific cutoff). The DAO should vote on whether to reimburse users.
  • I think we should also give away a bounty for NolanV. While we had already discovered the issue and issued the fix, he structured the analysis in a way from where we can take a lot of actionables - and that should be rewarded.
6 Likes
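
An added example, not part of any post in this thread: a minimal monitor for the two oracle failure modes discussed above, a pool price that has not been refreshed for too long and a gap to an independent reference price that exceeds the swap fee. The 3-hour update interval and the 0.1% fee are the figures mentioned in the thread; the sample prices, the `max_age` threshold and all function and variable names are assumptions constructed for illustration.

```python
from bisect import bisect_right
from dataclasses import dataclass

@dataclass
class Alert:
    t: int            # timestamp of the reference sample (seconds)
    oracle_age: int   # seconds since the pool's oracle price last changed
    gap: float        # |reference - oracle| / oracle
    reasons: tuple    # which checks fired: "stale", "gap>fee"

def scan(oracle_updates, reference, fee, max_age):
    """Compare the price the pool sees with an independent reference.

    oracle_updates, reference: lists of (timestamp, price), sorted by time.
    fee: pool swap fee as a fraction; max_age: tolerated oracle age in seconds.
    """
    times = [t for t, _ in oracle_updates]
    alerts = []
    for t, ref_price in reference:
        i = bisect_right(times, t) - 1      # latest oracle update at or before t
        if i < 0:
            continue                        # no oracle value existed yet
        upd_t, oracle_price = oracle_updates[i]
        age = t - upd_t
        gap = abs(ref_price - oracle_price) / oracle_price
        reasons = []
        if age > max_age:
            reasons.append("stale")         # price older than the tolerated age
        if gap > fee:
            reasons.append("gap>fee")       # divergence no longer covered by the fee
        if reasons:
            alerts.append(Alert(t, age, gap, tuple(reasons)))
    return alerts

# Constructed sample data (not taken from the incident report).
HOUR = 3600
WEEKDAY_ORACLE = [(0, 1.0800), (3 * HOUR, 1.0850)]          # refreshed every 3 h
WEEKDAY_REF = [(0, 1.0800), (HOUR, 1.0805), (2 * HOUR, 1.0830),
               (3 * HOUR, 1.0850), (4 * HOUR, 1.0852)]      # hourly market price
WEEKEND_ORACLE = [(0, 1.0800)]                              # last update before the weekend
WEEKEND_REF = [(48 * HOUR, 1.0805)]                         # market price two days later

if __name__ == "__main__":
    for a in scan(WEEKDAY_ORACLE, WEEKDAY_REF, fee=0.001, max_age=HOUR):
        print("weekday", a)
    for a in scan(WEEKEND_ORACLE, WEEKEND_REF, fee=0.001, max_age=HOUR):
        print("weekend", a)
```

The weekend case raises only the staleness alert, since the constructed gap stays below the fee; keeping the age check separate from the gap check means a frozen feed is reported before the market moves.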

We are also grateful to @NolanV for his post and incident report.

The affected EURe/sDAI pool was created to support Gnosis Pay and Monerium on Gnosis Chain, through a partnership between kpk, Gnosis and Balancer. The technical, operational, and financial contributions to this effort have been shared among the three of us to varying degrees over time since the initial deployment.

Due to the coordination across different teams with varying expertise, the process of evaluating this situation has been challenging. However, we recognise our response should have been faster, and apologise for the delay.

We confirm that we became aware of the situation in February 2025, and that we followed up with a resolution which was proposed for onchain execution by Balancer DAO in March and executed in April, effectively resolving the issue. As stated by @nesk, the measures taken to rectify the misconfigured parameters were sufficient, and there was no impact on users’ funds once those were enacted.

Since that time, and together with Balancer’s data analytics team, we have been performing an extensive evaluation of the underlying data. We provide a full summary of the findings in our proposal referenced below.

In short, we find that – absent the misconfiguration – liquidity providers in the pool would have received in aggregate up to 330,000 USD more from their positions. We agree with nesk that a reimbursement is appropriate here (including a bounty for NolanV).

Based on the above, we have prepared and will now submit a draft GIP-127, proposing a reimbursement for liquidity providers for their lost opportunity, as well as a bounty for NolanV.

We are keen to hear and address any further questions that the community may have on this situation. This reply is given on behalf of kpk only. We are, however, in discussion with Balancer and Gnosis on this topic, and may need to defer to one another to provide full and proper answers to specific questions.

@Karpatkey, this is simple:

  • You botched this, spotted it in February, patched it in April, and only told LPs in July, after being called out.
  • You earned fees while the pool bled. Now you want the DAO, who was an LP in the pool under your management, to foot the reimbursement? That’s not governance, that’s cost-shifting malpractice.

Fix it the right way:

  1. kpk pays 100% of the make-whole (plus NolanV’s bounty) out of your fees and retainer.
  2. Balancer refunds fees earned during the drift.
  3. DAO pays zero, gets refunded by kpk and Balancer for lost funds.

Anything else invites moral hazard and is ridiculous. Please rewrite GIP-127 accordingly.

1 Like

Sounds good to me but most important: These kinds of issues should be communicated to the public as soon as possible, even if not proven, to get all ppl interested involved and also enable LPs to act according to their guess. Reading about this only now undermines trust in the defi space at GC cause it’s mainly shaped by karpatkey.

edit: also communicating issues in due time would, imo, limit responsibility for the loss of ppl that stayed in despite the chance to know better.

The pool was managed by Balancer and kpk. As for the financial side of it, I don’t know how many $ kpk used to provide liquidity and/or incentives in that pool.

Why did it take two months just to change two variables?
I find it strange that the fix was deployed on the very same day we (DeFi France) brought the issue to Balancer’s attention.

I’m not entirely comfortable with this.

It’s strange to ask LPs to re-deposit (or stay) in a pool that has just been proven dysfunctional, just to get reimbursed. Let me remind you that the price is still not updated on weekends. This demonstrates Gnosis’s honesty and seriousness that they are reimbursing the losses, which were due to an error by Balancer and kpk, but this shouldn’t be done through an incentive scheme.

It’s a minor detail, but for transparency, I still want to point out that your calculation is incorrect. You haven’t accounted for the LVR due to outdated pricing during the weekend, and pool deposits/withdrawals, despite this method being actively used for pool arbitrage. (Cf: https://gnosisscan.io/tx/0x40da3abe477c65d73f375bce05fd9c1680d04148d92ede85afd4594536b20e96)


I want to reiterate that LP reimbursement was absolutely not my priority. I was an LP in the pool, and I didn’t set up the tools to track my position; I only realized it when doing my accounting (Rotki <3), so I am partly responsible for my loss. Even though it’s true that Balancer’s front-end (like all AMMs) is highly misleading.

As a GNO holder, my post was motivated by a desire to understand why kpk didn’t realize they were losing the money entrusted to them for over a year!

Mistakes can happen, but I see no questioning from kpk on how this could have happened, nor how they plan to prevent it in the future. We were lucky; the loss is very small compared to the AUM, but it could have been much worse. Even though I’m not satisfied with kpk’s work, the goal is not to name and shame them, but rather to ensure that this kind of error doesn’t happen again.

4 Likes

The Omni-multisig of Balancer needed to be granted permission by the DAO, for which there needed to be a proposal. You can see the proposal posted on March 4th to do that. Once it passed on March 10 they took a long time to execute. You can see here that the tx was proposed on March 25th and only executed on April 7th. We initially had brought up the issue on February 20th.

I’ve done some analysis on the data that you collected which shows that 95% of the losses are happening on weekdays:

Your data also did not account for the increase in fees and the lowering of the A factor (because it happened after your cutoff date).

2 Likes

Regarding this: my take is that the pool has actually stopped leaking value and it’s having a positive APY. My intention in doing the compensation in this way is that LPs have shown interest in the pool, but may have lost it for the reasons you described. By asking them to re-deposit/stay, LPs can see on their own what’s the actual (new) APY, and decide to stay or leave otherwise. Even after the losses that they incurred, TVL has been pretty stable. IMO it’s fair to ask them to stay for 3 months more.

This oracle adds more risk and doesn’t really bring much to the table; the pool would be far more profitable without it.

It’s true that EUR/USD movements are usually very small on weekends, but we’ve already seen extreme forex movements on weekends. And not on Zimbabwean currencies, but on solid ones like the Swiss franc in 2015, where we saw a 30% movement in a very short period.

In short, I maintain that this pool is inherently dangerous. Perhaps there will never be any issues, but at the very least, this risk will need to be communicated to the LPs.

A lost opportunity is still a loss. Of course, you’re free to do as you wish; I’m just offering my opinion like anyone else.

It’s already admirable of you to offer some form of reimbursement :raised_hands: