Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Medium user Anonymous Dev published an article stating that the code of Rabbit Finance, a BSC ecosystem project, contains a large number of loopholes, raising suspicion that the team could run off (rug pull). The vulnerabilities include: 1. The total supply of the RABBIT token is not hard-capped at 203,000,000 as the team claims; 2. The owner of Rabbit's FairLaunch can issue unlimited RABBIT tokens at any time; 3. 100% of the positions can be liquidated at any time and funds can be stolen at any time, and there is no maximum limit on the configurable protocol parameters; 4. All funds on the platform may be stolen, and Rabbit's EOA account can upgrade the contract at any time. The team made no official response to this matter. Although the Rabbit team did not explain why the vulnerabilities existed or admit fault outright, it was forced to at least add some restrictions to these security risks through a 24-hour Timelock. Attack method (per SlowMist): Rug Pull. Reported loss: -.
- chain: bsc
- protocol: Rabbit Finance
- bug_class: rug
- date_occurred: 2021-07-14
- loss_usd: —
- source_id: sm:rabbit-finance::2021-07-14