[Incident report] - Balancer's EURe/sDAI pool on GnosisChain

Unfortunately, and somewhat annoyingly, I need to post this…

On April 7, 2025, we (DeFi France) discovered an issue with the Balancer pool that held most of the liquidity for EURe on GnosisChain. Someone immediately contacted Balancer, who corrected the problem but without making any public announcement about it.

Why discuss this on the Gnosis forum rather than Balancer’s?
Simply because this pool was the primary source of liquidity for GnosisPay and was also used by kpk with funds from the Gnosis DAO.

What’s the problem?
The pool uses an oracle to determine the price of sDAI and EURe. The first and main issue is that this price was only updated every 3 hours, leading to a divergence between the true EURO price and the pool’s EURe price, causing unjustified losses for liquidity providers. This arbitrage led to a significant loss for the pool. I estimated the total loss due to price divergences at $700,000. I should clarify that this amount does not account for transaction fees or slippage; the actual amount lost is closer to $400,000.

The second problem, which caused less loss but is more serious from my perspective, demonstrates a lack of due diligence by those who deployed and used this pool. This is the fact that the EURO price was not updated on weekends. However, a price for the EURO is still easily accessible via CeX, DeX, or even brokers offering derivative contracts. This limitation, due to the functioning of the ChainLink oracle, should have immediately disqualified this pool.

Now that I’ve summarized the problem, we can talk about the core issue.

The incident management by Balancer and kpk is catastrophic.

We first contacted them on April 7, three months ago. No communication has been made to inform the pool’s liquidity providers that the price was previously only updated every 3 hours.
I shared my report privately on May 19, with all the data demonstrating that the problem existed and still partially exists even with the correction of the 3-hour bug.
For the past three weeks, I’ve been assured every few days that communication will arrive, and I just need to wait a few more days.

They decided to re-do the calculations themselves because they disputed the amount of my findings. That’s fine, but it didn’t prevent them from already communicating about the problem the pool encountered (the 3-hour bug) and its limitations (no price on weekends).

I am very frustrated by what Balancer and kpk have done.

You can find the report here => Balancer sDAI/EURe incident report - NolanV

2 Likes
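Added example, not part of the original post or the linked report: a minimal monitor for the two failure modes the post describes, a pool rate that lags its source by hours and a feed that stays silent over the weekend. The function name, thresholds and all sample prices are assumptions constructed for illustration.

```python
from bisect import bisect_right
from datetime import datetime, timezone

def audit_rate_feed(updates, reference, max_age_s=3600, max_dev_bps=20):
    """updates / reference: lists of (unix_ts, price), sorted by time.
    For each reference tick, look up the rate the pool would be using
    (last update at or before the tick) and report it when it is older
    than max_age_s or off the reference by more than max_dev_bps."""
    times = [t for t, _ in updates]
    findings = []
    for ts, ref_price in reference:
        i = bisect_right(times, ts) - 1
        if i < 0:
            continue  # no pool rate published yet at this tick
        upd_ts, pool_price = updates[i]
        age = ts - upd_ts
        dev_bps = abs(pool_price - ref_price) / ref_price * 10_000
        reasons = []
        if age > max_age_s:
            reasons.append("stale")
        if dev_bps > max_dev_bps:
            reasons.append("diverged")
        if reasons:
            when = datetime.fromtimestamp(ts, tz=timezone.utc)
            findings.append({
                "time": when.isoformat(),
                "weekend": when.weekday() >= 5,  # Saturday or Sunday (UTC)
                "age_s": age,
                "dev_bps": round(dev_bps, 1),
                "reasons": reasons,
            })
    return findings

def _ts(day, hour):
    # Helper for the constructed sample: a UTC timestamp in April 2025.
    return int(datetime(2025, 4, day, hour, tzinfo=timezone.utc).timestamp())

# Constructed sample data (assumed values, not taken from the report):
# pool rate updates on a Friday, then nothing until after the weekend tick.
UPDATES = [(_ts(4, 9), 1.1000), (_ts(4, 12), 1.1040), (_ts(4, 21), 1.1010)]
# Independent reference price ticks (e.g. from an exchange feed).
REFERENCE = [(_ts(4, 10), 1.1005), (_ts(4, 11), 1.1035),
             (_ts(4, 13), 1.1042), (_ts(5, 12), 1.0950)]

if __name__ == "__main__":
    for finding in audit_rate_feed(UPDATES, REFERENCE):
        print(finding)
```

On the sample data this flags the Friday 11:00 tick (rate two hours old, about 32 bps off) and the Saturday 12:00 tick (rate fifteen hours old, about 55 bps off, weekend).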

Thanks for the report. From the data, it looks like GnosisDAO was the main counterparty here, would you agree?

I’ve been aware for quite some time that GnosisDAO’s biggest weakness is in its financial governance and operations; this outcome is simply a direct consequence of that.

2 Likes

Thanks for the post.

  • Balancer: Send back all fees earned from the pool while the oracle was broken.
  • @kpk: You coordinated the pool, parked DAO cash in it, and never noticed a 3-hour lag + weekend blackout. Make LPs whole. Also can you clarify if you charged AUM fees and perf on the funds deployed in this pool?

Quick answers needed:

  1. Who picked those oracle settings and signed them off? What DD was done to deploy DAO funds into the pool?
  2. What dashboard/alerts, as part of risk management kpk provides, were monitoring the pool?
  3. Why did you keep this quiet for almost three months? Hoping nobody would notice?

Completely agree. Outsourcing a CFO with hedge fund fees creates completely misaligned incentives. Unfortunately, this has been raised multiple times already without being addressed.

2 Likes