In this article, a vulnerability in a DeFi project's liquidity pool is explored, caused by a denial-of-service attack vector that affects internal token balances.
- The vulnerability arises when a Balancer multi-token flash loan is taken out for tokens with double entry points.
- The article covers the prerequisite concepts of smart contract proxies, double entry point tokens, and flash loans.
- The vulnerability is explained in detail, along with an attack simulation.
- The lessons learnt from this vulnerability include accounting for unusual function arguments in code, recording pre-loan balances before transferring tokens, and being wary of providing multiple addresses for the same token.
