Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
BurgerSwap, an automated market maker on the Binance Smart Chain, was once again attacked by lightning loans. The attacker took advantage of the re-entry vulnerability in the contract, repeated the swap operation many times, controlled the price through re-entry and counterfeit currency, and finally realized the purpose of attack arbitrage. Attack method (per SlowMist): Flash loan attack. Reported loss: -.
- chain
- bsc
- protocol
- BurgerSwap
- bug_class
- flashloan
- date_occurred
- 2021-06-05
- loss_usd
- —
- source_id
- sm:burgerswap::2021-06-05