Ocean Protocol BPool Exploit: $11.9K Drained via Join/Exit Math Logic Flaw
$11.9K in mOCEAN was drained from Ocean Protocol BPool/SideStaking pools on Polygon after asymmetric single-sided join/exit math amplified reserve exits.

- Incident Date: June 25, 2026
- Target: Ocean Protocol BPool/SideStaking pools
- Target Overview: Ocean Protocol is a Web3 data and AI network. The reported exploit affected Polygon BPool/SideStaking pools using mOCEAN and datatoken co-staking logic, not a confirmed compromise of Ocean's broader infrastructure.
- Total Loss: Approximately $11.9K (127,864.81 mOCEAN)
- Reported Attacker Address: 0x3fa8cf7fea68c8e76a9838d77889464ddfb6a6cf
- Reported Victim Contract: 0xbb3051df2d3e408dae6e6daa2296bc6215f0dcfd
- Attack Vector: Smart-contract logic flaw / asymmetric single-sided join-exit accounting
Incident Review & Technical Details
1. Attack Path
- The attacker used a flash-swapped mOCEAN balance: Defimon Alerts reported that the exploit contract started with a flash-swapped mOCEAN balance on Polygon. ClaraHacks described the incident as a smart-contract exploit, not phishing.
- Single-sided deposits entered BPool join logic: The exploit contract repeatedly called BPool.joinswapExternAmountIn, depositing mOCEAN on one side. According to Defimon, this path triggered the SideStaking bot to auto-mirror datatokens through canStake.
- Exit calls redeemed more value than the join path should have allowed: The exploit then cascaded BPool.exitswapPoolAmountIn calls. The key mismatch was between calcPoolOutGivenSingleIn on deposit and calcSingleOutGivenPoolIn on exit.
- SideStaking amplification spread the drain across pools: Defimon reported that SideStaking auto co-staking and unstaking amplified the accounting asymmetry, letting each cycle redeem more mOCEAN than was put in.
- Approximately 70 pools were touched: Defimon reported roughly 127,864.81 mOCEAN drained across about 70 Ocean Protocol BPool/SideStaking pools, with the transaction confirmed successful on Polygonscan at June 25, 2026 05:50:31 UTC.
2. Impact Scope
- Protocol-Level Loss: The reported loss was approximately $11.9K (127,864.81 mOCEAN), using Defimon's cited mOCEAN price of $0.0928.
- Affected Network: Polygon.
- Affected Components: Defimon identified the BPool implementation at 0xbb30...dcfd and noted affected pools including 0x1f59...7053.
- Affected Asset: mOCEAN, the base token reserve drained from the affected pools.
- Ecosystem Contagion: No stablecoin depeg, lending-market bad debt, bridge contagion, or broader Ocean infrastructure compromise was reported in the reviewed sources.
- Attribution Gap: The reviewed sources did not identify the attacker beyond the on-chain address 0x3fa8...a6cf.
3. Official Statements
- Ocean Protocol: No official Ocean Protocol statement, patch note, or final postmortem was identified in the reviewed sources at the time of writing.
- Defimon Alerts: Defimon attributed the loss to a logic error in asymmetric single-sided join/exit math and published the transaction, attacker address, BPool implementation address, affected-pool example, loss estimate, token price, and technical path.
- ClaraHacks: ClaraHacks characterized the incident as a Polygon smart-contract exploit rather than phishing, and summarized it as a reserve-accounting failure that drained approximately 127,864.81 mOCEAN in one transaction.
- Polygonscan: The referenced transaction page shows the exploit transaction succeeded on June 25, 2026 05:50:31 UTC, with the caller shown as 0x3Fa8...a6cf.
4. Investigation Progress
The available evidence points to a compact but repeatable invariant failure: single-sided join math and single-sided exit math did not preserve value when combined with automated SideStaking co-stake/unstake behavior. Because the exploit reportedly touched about 70 pools in one transaction, the immediate question is whether any remaining BPool/SideStaking deployments still allow the same join-exit cycle.
Recommended response steps for Ocean-style pool systems:
- Reconstruct the transaction on a Polygon fork and convert the failing joinswapExternAmountIn/exitswapPoolAmountIn sequence into regression tests.
- Review every place where calcPoolOutGivenSingleIn and calcSingleOutGivenPoolIn can be paired inside one transaction or one flash-swapped state window.
- Add invariants that bound round-trip value: a single-sided join followed by an exit should not return more mOCEAN than the economically equivalent deposit.
- Test SideStaking bot behavior separately from BPool math, then test the combined system with auto co-staking, unstaking, canStake, and multiple-pool routing.
- Publish a final affected-pool list, patch status, paused components if any, user or LP impact assessment, and whether the drained mOCEAN remains traceable or recoverable.
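A sketch of the round-trip invariant from the steps above, as an added example that is not Ocean Protocol's code or part of the reviewed sources. It assumes the standard Balancer v1 weighted-pool formulas behind calcPoolOutGivenSingleIn and calcSingleOutGivenPoolIn with a zero exit fee; Pool, round_trip_profit, check_invariant and the hook parameter are hypothetical names, and faulty_hook is a constructed fault that shows the check firing, not a reconstruction of the incident.

```python
from decimal import Decimal as D, getcontext

getcontext().prec = 40   # rounding noise stays far below TOL
TOL = D("1e-18")         # smallest gain treated as a violation

class Pool:
    """Minimal model of one weighted pool: base reserve, its weight, share supply."""
    def __init__(self, balance, weight, total_weight, supply, swap_fee):
        self.balance, self.supply = D(balance), D(supply)
        self.nw = D(weight) / D(total_weight)       # normalized weight of base token
        self.fee_adj = (1 - self.nw) * D(swap_fee)  # fee on the implicitly swapped part

    def join_single(self, amount_in):
        # calcPoolOutGivenSingleIn, Balancer v1 form (assumed)
        after_fee = amount_in * (1 - self.fee_adj)
        ratio = ((self.balance + after_fee) / self.balance) ** self.nw
        shares = self.supply * (ratio - 1)
        self.balance += amount_in
        self.supply += shares
        return shares

    def exit_single(self, shares_in):
        # calcSingleOutGivenPoolIn, Balancer v1 form (assumed), exit fee 0
        ratio = ((self.supply - shares_in) / self.supply) ** (1 / self.nw)
        out = self.balance * (1 - ratio) * (1 - self.fee_adj)
        self.balance -= out
        self.supply -= shares_in
        return out

def round_trip_profit(pool, amount_in, hook=None):
    """Join, run the helper side effect under test, exit; return base tokens gained."""
    amount_in = D(amount_in)
    shares = pool.join_single(amount_in)
    if hook:
        hook(pool)  # stands in for automated co-stake/unstake behaviour
    return pool.exit_single(shares) - amount_in

def check_invariant(make_pool, amounts, hook=None):
    """Return the deposit sizes whose round trip pays out more than was put in."""
    return [a for a in amounts if round_trip_profit(make_pool(), a, hook) > TOL]

def make_pool():
    return Pool(balance=1000, weight=5, total_weight=10, supply=100, swap_fee="0.003")

def faulty_hook(pool):
    pool.balance += 50  # constructed fault: reserve credited with no shares minted

AMOUNTS = [1, 10, 100, 499]  # constructed deposit sizes
```

The same property carries over to a fork-based test: snapshot the mOCEAN reserve, run the join, any helper calls and the exit in one transaction, and assert the caller's balance did not grow.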
AUTOSEC.DEV Solution
The Ocean Protocol incident shows why DeFi pool math has to be tested as a composed system, not only as isolated formulas.
- Secure Code Review - The reported failure centered on the mismatch between calcPoolOutGivenSingleIn and calcSingleOutGivenPoolIn when SideStaking auto co-staking/unstaking was added to the flow. AUTOSEC.DEV reviews AMM, staking, and vault code for round-trip value invariants, asymmetric accounting paths, flash-swapped state windows, and helper-bot side effects that can turn small imbalances into drains.
- Penetration Testing - The exploit reportedly chained joinswapExternAmountIn and exitswapPoolAmountIn across about 70 pools in a single Polygon transaction. We reproduce attacker workflows on forks, including flash-swap setup, repeated join/exit cycles, multi-pool routing, and automated staking hooks, so teams can validate that composed behavior preserves reserves before production exposure.
- Incident Response - For recent pool drains like this $11.9K mOCEAN incident, AUTOSEC.DEV can support exploit replay, affected-pool scoping, fund-flow tracing, emergency pause validation, patch verification, and a public technical timeline that separates confirmed on-chain facts from analyst hypotheses.