PancakeBunny Incident: Root Cause Analysis

Started at May-19–2021 10:34:28 PM +UTC, PancakeBunny was exploited to mint 6.97 million of BUNNY as reward from its vault (VaultFlipToFlip). The incident was due to a bug in the way of measuring the LP price from an AMM-based oracle. It is worthwhile to mention that this attack involves 8 flashloans with more than $700M USD. In the following, we elaborate the technical details.

Summary

This incident was due to a bug in the protocol that uses the AMM-based oracle, i.e., PancakeSwap, to measure the price of specific PancakeSwap LPs (BNB-BUSDT/BNB-BUNNY). After a flashloan-based price manipulation on PancakeSwap pools, the exploitation leads to a skewed calculation of reward amount of BUNNY from the VaultFlipToFlip vault. The whole process leads to the unwarranted minting of 6.97 million of BUNNY. After that, the attacker immediately sold BUNNY for profit.

Details

We started the analysis from the transaction behind the hack: 897c…a979. This hack is initialized from this attacker address (located at 0xa0ac) and works as follows:

  • Step 1: Take 8 different flashloans, including 1.05M WBNB from WBNB+CAKE pool, 522.52K WBNB from WBNB+BUSD pool, 210.16K WBNB from WBNB+ETH pool, 133.50K WBNB from WBNB+BTCB pool, 241.02K WBNB from WBNB+SAFEMOON pool, 98.519K WBNB from WBNB+BELT pool, 66.29K WBNB from WBNB+DOT pool, and 2.96M USDT from Fortube Bank. The first seven flashloans are taken from various PancakeSwap pools while the last comes from Fortube Bank.
  • Step 2: Deposit 2.96M USDT and 7886 WBNB into WBNB+BUSDT pool as liquidity and mint in return 144.45K LP tokens.
  • Step 3: Swap 2.32M WBNB for 3.83M BUSDT via the above WBNB+BUSDT pool so that the pool has a sufficiently large WBNB reserve, which is used to influence the valuation of the pool tokens.
  • Step 4: Call getReward() to claim rewards from VaultFlipToFlip. With the higher LP token valuation, the attacker is able to claim reward of 6.97M BUNNY (valued about $1+ B). Note the dev team gets separate 1.05M BUNNY.
  • Step 5: Return the flashloans in Step 1 back to PancakeSwap pools and Fortube Bank.

This incident leads to the unwarranted minting of 6.97M BUNNY as reward which was then sold by the attacker. Note the attacker’s funds from the above exploitations were initially held in this wallet: a0ac. We are actively monitoring this wallet for any movement.

About Us

PeckShield Inc. is an industry leading blockchain security company with the goal of elevating the security, privacy, and usability of the current blockchain ecosystem. For any business or media inquiries (including the need for smart contract auditing), please contact us at telegram, twitter, or email.

A Blockchain Security Company (https://peckshield.com)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store