PancakeBunny Incident: Root Cause Analysis

Started at May-19–2021 10:34:28 PM +UTC, PancakeBunny was exploited to mint 6.97 million of BUNNY as reward from its vault (VaultFlipToFlip). The incident was due to a bug in the way of measuring the LP price from an AMM-based oracle. It is worthwhile to mention that this attack involves 8 flashloans with more than $700M USD. In the following, we elaborate the technical details.



The Hack Walk-through

We started the analysis from the transaction behind the hack: 897c…a979. This hack is initialized from this attacker address (located at 0xa0ac) and works as follows:

  • Step 1: Take 8 different flashloans, including 1.05M WBNB from WBNB+CAKE pool, 522.52K WBNB from WBNB+BUSD pool, 210.16K WBNB from WBNB+ETH pool, 133.50K WBNB from WBNB+BTCB pool, 241.02K WBNB from WBNB+SAFEMOON pool, 98.519K WBNB from WBNB+BELT pool, 66.29K WBNB from WBNB+DOT pool, and 2.96M USDT from Fortube Bank. The first seven flashloans are taken from various PancakeSwap pools while the last comes from Fortube Bank.
  • Step 2: Deposit 2.96M USDT and 7886 WBNB into WBNB+BUSDT pool as liquidity and mint in return 144.45K LP tokens.
  • Step 3: Swap 2.32M WBNB for 3.83M BUSDT via the above WBNB+BUSDT pool so that the pool has a sufficiently large WBNB reserve, which is used to influence the valuation of the pool tokens.
  • Step 4: Call getReward() to claim rewards from VaultFlipToFlip. With the higher LP token valuation, the attacker is able to claim reward of 6.97M BUNNY (valued about $1+ B). Note the dev team gets separate 1.05M BUNNY.
  • Step 5: Return the flashloans in Step 1 back to PancakeSwap pools and Fortube Bank.

The Stolen Funds

About Us

A Blockchain Security Company (