SlowMist, which focuses on blockchain ecosystem security, and has served major digital asset firms such as Huobi, OKEx, Binance, imToken (with around 1,000 commercial customers), has conducted an analysis on the recent PancakeBunny hack.
SlowMist Zone had reported that PancakeBunny, the decentralized finance (DeFi) revenue aggregator on the Binance Smart Chain (BSC), experienced a flash loan attack. SlowMist claims that it got involved “immediately” and has shared the results of their investigation.
Notably, PancakeBunny is the latest victim in the flash loan attacks being directed at DeFi projects that may not have written smart contract code that’s secure and thoroughly audited. According to several reports, the hacker managed to net approximately $200 million from the BSC exchange after successfully manipulating prices. The project’s developers had claimed (on May 20, 2021) that there had been no smart contract exploit or vault hack, however, it may be considered more of an “economic exploit.”
The developers clarified:
“We would like to remind the community that no vaults have been compromised. The exploit was an economic exploit that attacked the price of BUNNY, using flash loans. We repeat, no vaults have been breached.”
The hacker, however, got away with 700,000 BUNNY tokens and 114,000 BNB valued at around $200 million (at the time of the incident).
Here’s a recap of the event and Attack analysis from SlowMist:
- The attacker first “initiated a transaction, using 0.5 WBNB and about 189 USDT to add liquidity in PancakeSwap and obtained the corresponding Liquidity Provider (LP), and then mortgaged the LP to the VaultFlipToFlip contract of the PancakeBunny project.”
- After the LP mortgage was completed, the attacker “initiated another transaction again.” In this transaction, the attacker first “borrowed a huge amount of WBNB tokens from the multiple liquidity pools of PancakeSwap and borrowed a huge amount of WBNB tokens from the Fortube project.” The flash loan module “lended a certain amount of USDT tokens.” Then used “all the borrowed USDT tokens and some WBNB tokens to add liquidity to PancakeSwap’s WBNB-USDT pool, and keep the obtained LP in the WBNB-USDT pool.”
- Since the attacker had “already pledged in the VaultFlipToFlip contract in step 1, the attacker directly called the getReward function of the VaultFlipToFlip contract after adding liquidity to obtain BUNNY token rewards and retrieve the previously mortgaged liquidity.”
- During the getReward operation, it “will call the mintForV2 function of the BunnyMinterV2 contract to mint BUNNY token rewards for the caller.”
- In the mintForV2 operation, it “will first transfer a certain amount of (performanceFee) LPs to the WBNB-USDT pool to remove liquidity, but because the attacker left a large number of LPs in the pool in step 2, BunnyMinterV2 The contract will receive a large amount of WBNB tokens and USDT tokens.”
- After the liquidity removal is completed, the zapInToken function of the zapBSC contract “will be called to transfer the WBNB and USDT tokens received in step 5 to the zapBSC contract.”
- In the zapInToken operation, it “will convert the transferred USDT into WBNB in the WBNB-USDT pool of PancakeSwap.” Afterwards, “half of the WBNB in the contract will be exchanged into BUNNY tokens in the WBNB-BUNNY pool of PancakeSwap, and the obtained BUNNY tokens and the remaining WBNB tokens will be added to the WBNB-BUNNY pool to obtain LP, and this LP will be added to the WBNB-BUNNY pool.” Go to mintForV2 contract. However, “due to the unexpected large amount of WBNB received in step 5 and the conversion of WBNB into BUNNY tokens, the number of WBNB in the WBNB-BUNNY pool will increase significantly.”
- After completing the zapInToken operation, “the number of WBNB-BUNNY LP currently received by the BunnyMinterV2 contract will be calculated and returned to mintForV2.” The valueOfAsset function of the PriceCalculatorBSCV1 contract “will then be called to calculate the value of these LPs, where the calculated value will be settled in BNB (that is, how many BNB is worth a single LP).”
- In the valueOfAsset calculation, it “uses the real-time number of WBNB in the WBNB-BUNNY pool multiplied by 2 and divided by the total number of WBNB-BUNNY LPs to calculate the value of a single LP (valueInBNB).” But after step 7, we can “find that the unexpected amount of WBNB in the WBNB-BUNNY pool has increased significantly, which leads to a very high price relative to BNB when calculating the value of a single LP.”
- Then in mintForV2, the contract “will use the LP value calculated in step 9 to calculate how many BUNNY tokens need to be minted for the attacker through the amountBunnyToMint function.” However, due to the flaws in the price calculation method, the final LP price “was maliciously manipulated and increased by the attacker, which resulted in the BunnyMinterV2 contract eventually minting a large number of BUNNY tokens (about 6.97 million) for the attacker.”
- After getting BUNNY tokens, the attacker “sold them in batches into WBNB and USDT to return the flash loan. Take the money and leave after completing the entire attack.”
The Summary of the attack was also prepared by SlowMist:
“This is a typical attack using flash loan operation prices. The key point is that the price calculation of WBNB-BUNNY LP is flawed, and the number of BUNNY minted by the BunnyMinterV2 contract depends on this flawed LP price calculation method, which ultimately leads the attacker to use flash loan manipulated the WBNB-BUNNY pool to raise the price of LP, making the BunnyMinterV2 contract cast a large amount of BUNNY tokens for the attacker.”
The SlowMist security team “recommends that when it comes to such LP price calculations, a credible delayed price feed oracle can be used to calculate or refer to the LP price calculation method previously studied by the Alpha Finance team to avoid the recurrence of malicious manipulation.”
As previously reported, SlowMist Technology is a company that’s focused on blockchain or distributed ledger technology (DLT) ecosystem security.
SlowMist has worked with well-known projects across the globe through “the security solution that integrated the threat discovery and threat defense while tailored to local conditions” and has many commercial cclients.
SlowMist’s security solutions include security audit, threat intelligence (BTI), bug bounty, defense deployment, security consulting, and various other services. SlowMist reports that it’s equipped with cryptocurrency anti-money laundering (AML), false top-up scanner, vulnerability scanner, and vulnerability monitoring (Vulpush), hacked project archives (SlowMist Hacked), smart contract firewall (FireWall.X), Safe Staking and other SAAS security products.