Skip to content
Est. MMXXVIVol. VI · № 273RSS
Blockchain Breaches

An archive of cryptocurrency security incidents — hacks, exploits, bridge failures and rug pulls, documented with on-chain evidence.

Dossier № 170Smart Contract Bug

KyberSwap Elastic Precision Bug

$54.7M drained from KyberSwap Elastic after a rounding error in concentrated-liquidity math let an attacker trick pools into recognising double the liquidity.

Date
Victim
KyberSwap
Chain(s)
EthereumArbitrumOptimismPolygonBase
Status
Funds Stolen
Attribution
Andean Medjedovic (indicted)

On November 22, 2023, the decentralised exchange KyberSwap Elastic was drained of approximately $54.7 million across five chains. The exploit chained together a subtle rounding bias and a tick-update sequencing flaw to convince the AMM that pools held twice as much liquidity as they actually did.

What happened

KyberSwap Elastic was a Uniswap v3–style concentrated-liquidity AMM. Liquidity providers deposited assets into specific price ranges ("ticks"), and the pool's accounting tracked which ticks were active and how much liquidity was concentrated in each.

The exploit lived in the interaction between the swap function and the tick-update logic. Specifically:

  1. The attacker constructed a swap whose calculated input amount fell just above the boundary of a tick that contained their own (carefully placed) liquidity.
  2. Due to rounding direction in the swap math, the protocol concluded the swap had crossed the tick boundary — and triggered the tick-update logic that adds the next tick's liquidity to the active total.
  3. But the protocol had also concluded that the current tick still had enough liquidity to satisfy the swap — so it never updated the previously crossed tick's state.
  4. The result: the liquidity in the attacker's tick was counted twice — once as still-active in the current range, and again as added to the next range.

By repeating this manoeuvre at scale across multiple pools, the attacker withdrew far more from each pool than they had ever deposited.

Aftermath

  • The attacker drained 2,367 unique liquidity providers for a primary take of ~$48.7M, with ~$6.6M more swept up by copycat bots within hours.
  • US federal prosecutors indicted Andean Medjedovic, a 22-year-old Canadian, for the exploit — alleging the on-chain actions constituted commodity fraud.
  • KyberSwap published a detailed post-mortem, shut down Elastic, and focused remaining engineering on KyberSwap Classic.

Why it matters

KyberSwap is one of a small set of incidents — alongside Cetus and Balancer v2 — that show AMM invariant math is still a frontier in production code. The same precision-error / rounding-direction / state-update-ordering class of bug keeps reappearing in different AMM designs at different scales. The defence is invariably invariant testing, fuzzing, and formal verification — and even that is not foolproof.

Sources & on-chain evidence

  1. [01]blog.kyberswap.comhttps://blog.kyberswap.com/post-mortem-kyberswap-elastic-exploit/
  2. [02]halborn.comhttps://www.halborn.com/blog/post/explained-the-kyberswap-hack-november-2023
  3. [03]slowmist.medium.comhttps://slowmist.medium.com/a-deep-dive-into-the-kyberswap-hack-3e13f3305d3a

Related filings