BSC Flash Loan Attack: PancakeBunny

In May 2021, we witnessed multiple hacks targeting BSC DeFi products. In particular, a loophole related to reward minting in the yield aggregator, PancakeBunny, was exploited to mint ~7M BUNNY tokens from nothing, leading to a whopping $45M financial loss. After the bloody hack, three forked projects —  AutoShark, Merlin Labs, and PancakeHunny — were attacked with similar techniques. Amber Group’s Blockchain Security team, led by Dr. Chiachih Wu, elaborates on the loophole and gives a step-by-step account of the exploit by reproducing the attack against PancakeBunny. Hidden Attack Surface: balanceOf() Many people believe that composability is crucial to the success of DeFi. Token contracts (e.g., ERC20s) play an essential role on the bottom layer of DeFi legos. However, developers may overlook some uncontrollable and unpredictable conditions when integrating ERC20s into their DeFi projects. For example, you can’t predict when and how many tokens you will receive when you retrieve the current token balance. This uncertainty creates a hidden attack surface. In many cases, smart contracts reference the balances of ERC20s in their business logic. For example, when a user deposits some XYZ tokens into the smart contract, XYZ.balanceOf() is invoked to check how much money is received. If you’re familiar with the Uniswap codebase, you probably know that the UniswapV2Pair contract has many balanceOf(...