
PancakeBunny Hack

May 19, 2021 | $45 million | Flash Loan Price Manipulation | Binance Smart Chain

The Story

On May 19, 2021, PancakeBunny, a yield aggregator platform on Binance Smart Chain (BSC), fell victim to a flash loan attack that resulted in the loss of approximately $45 million. The attacker exploited vulnerabilities in the platform's price calculation mechanism to artificially inflate the price of BUNNY tokens.

Using a complex series of flash loans and market manipulations, the attacker was able to trick the protocol into minting a large number of BUNNY tokens, which they promptly dumped on the market. This sudden flood of new tokens caused the price of BUNNY to crash by over 95%, from around $150 to under $10 within hours.

In response to the attack, the PancakeBunny team implemented a compensation plan for affected users through newly issued "polyBUNNY" tokens. The incident was one of several high-profile flash loan attacks targeting BSC protocols in 2021, highlighting the security challenges faced by DeFi projects on newer blockchain networks.

Technical Analysis

The PancakeBunny hack leveraged flash loans to manipulate the protocol's pricing oracle and exploit its token minting mechanism. Here's how the attack was executed:

  1. The attacker borrowed a large amount of BNB and USDT through flash loans on PancakeSwap
  2. They manipulated the price of BUNNY in the PancakeSwap pools by executing a series of trades
  3. PancakeBunny's reward calculation relied on this manipulated price to determine how many BUNNY tokens to mint
  4. The attacker exploited this to mint approximately 7 million BUNNY tokens
  5. They immediately sold these tokens on the market, crashing the price
  6. Finally, they repaid the flash loans and walked away with the profits

The key vulnerability was in how PancakeBunny calculated the value of assets for its reward distribution:

// Simplified representation of the vulnerable price calculation
function calculatePrice(address token) public view returns (uint256) {
    // Get the reserves from the PancakeSwap pool
    (uint112 reserve0, uint112 reserve1, ) = pancakeSwapPair.getReserves();
    
    // Calculate price based on reserves
    // Vulnerability: This can be manipulated with flash loans
    // Widen to uint256 first so the multiplication is not done in uint112
    uint256 price = (uint256(reserve1) * 1e18) / reserve0;
    
    return price;
}

function mintReward(address user, uint256 performanceFee) internal {
    // Calculate amount of BUNNY to mint based on the manipulated price
    uint256 bunnyPrice = calculatePrice(bunnyToken);
    uint256 amountToMint = (performanceFee * 1e18) / bunnyPrice;
    
    // Mint BUNNY tokens to the user
    bunnyToken.mint(user, amountToMint);
}

The main issue was that the protocol relied on the spot price from a single liquidity pool for its calculations, making it vulnerable to manipulation through large trades.

Lessons Learned

  1. DeFi protocols should use time-weighted average prices (TWAP) instead of spot prices for critical calculations
  2. Multiple price oracles should be used to validate prices and detect manipulation
  3. Minting mechanisms should include caps and rate limits to prevent excessive token creation
  4. Flash loan attack vectors should be thoroughly tested during security audits
  5. Circuit breakers should be implemented to pause functions when suspicious activity is detected
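
Lessons 1, 3 and 5 applied to the simplified mintReward logic above, as an added Python model that is not PancakeBunny's code: a constant-product pool with a Uniswap-V2-style price accumulator, a TWAP read, and a mint guard that pauses on deviation and caps output. The pool sizes, thresholds and the token0 = BUNNY / token1 = BNB layout are constructed assumptions, and swap fees are ignored.

```python
# Added illustration, not PancakeBunny code. Pool sizes, thresholds and the
# token0=BUNNY / token1=BNB layout are constructed assumptions; fees ignored.
MAX_DEVIATION = 0.05   # pause if spot is more than 5% away from the TWAP
MINT_CAP = 1_000.0     # hard ceiling on BUNNY minted per call

class Pool:
    """Constant-product pool with a Uniswap-V2-style price accumulator."""
    def __init__(self, reserve0, reserve1):
        self.r0, self.r1 = float(reserve0), float(reserve1)
        self.cumulative, self.last_ts = 0.0, 0

    def spot(self):
        return self.r1 / self.r0          # same ratio as calculatePrice()

    def cumulative_at(self, now):
        # Price that held since the last trade, weighted by elapsed seconds.
        return self.cumulative + self.spot() * (now - self.last_ts)

    def swap_token1_in(self, amount, now):
        self.cumulative, self.last_ts = self.cumulative_at(now), now
        k = self.r0 * self.r1
        self.r1 += amount
        self.r0 = k / self.r1             # x * y = k

def twap(pool, snapshot, now):
    cum0, ts0 = snapshot
    return (pool.cumulative_at(now) - cum0) / (now - ts0)

def naive_mint(pool, fee):
    return fee / pool.spot()              # mirrors the vulnerable mintReward()

def guarded_mint(pool, snapshot, now, fee):
    avg, spot = twap(pool, snapshot, now), pool.spot()
    if abs(spot - avg) / avg > MAX_DEVIATION:
        raise ValueError("spot deviates from TWAP, minting paused")
    return min(fee / avg, MINT_CAP)       # price from TWAP, output capped

def demo():
    pool = Pool(1_000, 10_000)            # spot = 10 BNB per BUNNY
    snapshot = (pool.cumulative_at(0), 0) # oracle checkpoint at t=0
    honest = naive_mint(pool, 50.0)
    pool.swap_token1_in(90_000, now=1800) # one large trade in the block at t=1800
    distorted = naive_mint(pool, 50.0)    # same block: spot-based result shifts 100x
    try:
        guarded = guarded_mint(pool, snapshot, 1800, 50.0)
    except ValueError:
        guarded = None                    # circuit breaker refused to mint
    return honest, distorted, twap(pool, snapshot, 1800), guarded
```

A trade made in the same block as the read contributes zero seconds to the accumulator, so the TWAP stays at the pre-trade price while the spot-based calculation moves by two orders of magnitude. The deviation check is symmetric and rejects distortion in either direction.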