Altcoins Talks - Cryptocurrency Forum

Topic started by: Fariwala on May 22, 2021, 12:59:05 PM

Title: Binance Smart Chain's PancakeBunny protocol exploited, $45 million drained
Post by: Fariwala on May 22, 2021, 12:59:05 PM
PancakeBunny Finance, a decentralized finance (DeFi) protocol based on the Binance Smart Chain, was exploited late Wednesday and saw $45 million drained from its ecosystem.

The attacker used an exploit to mint millions of bunny tokens and sold the majority of them for BNB, leaving liquidity providers short. While this didn't affect the protocol's vaults directly, it sank the price of bunny tokens, affecting all holders.

Here's how the attack happened
The exploitation occurred because PancakeBunny had a bug regarding how the protocol calculates the number of new bunny tokens to be minted, according to The Block Research's Igor Igamberdiev. Bunny (BUNNY) is the native governance token of the protocol.

The calculation function for minting new tokens depended on the price of the BNB-USDT pool. If the ratio of the BNB or USDT reserves of this pool were higher, the pool’s price would fall — and vice versa. In other words, the price of this pool could be manipulated based on the reserves of BNB and USDT.

The exploiter took advantage of this bug by using flash loans. They took eight flash loans, seven from PancakeSwap pools and one from ForTube Bank, a DeFi lending protocol. The attacker borrowed 2.3 million BNB (worth $704 million) and 2.9 million USDT ($2.9 million), for a total of nearly $707 million.

These flash loans were then used to manipulate the price of BNB in the BNB-USDT pool. The attacker used a small portion of BNB and USDT from the flash loans to provide liquidity to that pool.


More info: https://www.theblockcrypto.com/post/105473/bsc-pancakebunny-defi-protocol-exploited-lost-45-million-bunny
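
Added example (not part of the original post and not PancakeBunny's code): a simplified constant-product pool showing why a price read straight from reserves moves with a single large trade, and how a mint calculation can refuse to use it when it strays from a time-weighted average. The reserves, the 2% tolerance and all names are constructed assumptions, fees are ignored, and the TWAP check is a commonly used mitigation rather than something the post describes.

```python
from dataclasses import dataclass, field


@dataclass
class Pool:
    """Constant-product pool (bnb * usdt = k); fees ignored for clarity."""
    bnb: float
    usdt: float
    # (seconds, price) observations used for the time-weighted average
    history: list = field(default_factory=list)

    def spot_price(self) -> float:
        """USDT per BNB read directly from the current reserves."""
        return self.usdt / self.bnb

    def observe(self, seconds: float) -> None:
        """Record that the current price held for `seconds`."""
        self.history.append((seconds, self.spot_price()))

    def swap_bnb_in(self, amount: float) -> float:
        """Sell BNB into the pool; returns the USDT paid out."""
        k = self.bnb * self.usdt
        self.bnb += amount
        out = self.usdt - k / self.bnb
        self.usdt -= out
        return out

    def twap(self) -> float:
        total = sum(s for s, _ in self.history)
        return sum(s * p for s, p in self.history) / total


def guarded_price(pool: Pool, max_deviation: float = 0.02) -> float:
    """Price for reward/mint math; refuses if spot strays from the TWAP."""
    spot, ref = pool.spot_price(), pool.twap()
    if abs(spot - ref) / ref > max_deviation:
        raise ValueError(f"spot {spot:.2f} deviates from TWAP {ref:.2f}")
    return ref


def demo():
    pool = Pool(bnb=10_000.0, usdt=3_000_000.0)  # constructed: 300 USDT/BNB
    pool.observe(3600)                           # an hour at the normal price
    before = pool.spot_price()
    pool.swap_bnb_in(10_000.0)                   # one very large trade in a single block
    after = pool.spot_price()
    try:
        guarded_price(pool)
        rejected = False
    except ValueError:
        rejected = True
    return before, after, rejected
```
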