Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
DeFi revenue aggregator PancakeBunny tweeted that its version on Polygon was attacked by outsiders and has suspended all Polygon Sushi Vaults. According to officials, Polygon vaults, BSC PancakeBunny vaults, and BUNNY are currently safe. The attacker made a profit of 1281 WETH. Attack method (per SlowMist): Flash loan attack. Reported loss: $ 2,402,462.
- chain
- bsc
- protocol
- PancakeBunny
- bug_class
- flashloan
- date_occurred
- 2021-07-16
- loss_usd
- $2,402,462
- source_id
- sm:pancakebunny::2021-07-16