On September 2, Bunni was exploited for ~$8.4m by a sophisticated attacker. Two pools were affected: weETH/ETH on Unichain and USDC/USDT on Ethereum. The transactions can be found here: https://etherscan.io/tx/0x1c27c4d625429acfc0f97e466eda725fd09ebdc77550e529ba4cbdbc33beb97b https://uniscan.xyz/tx/0x4776f31156501dd456664cd3c91662ac8acc78358b9d4fd79337211eb6a1d451 Here is our analysis on how the exploit worked, what went wrong, and what we can do next. Exploit Analysis The two pools were exploited in largely the same way, and in this analysis we will use the USDC/USDT pool as the example. ...
Bug Disclosure: Reentrancy Lock Bypass
Summary On April 22, Cyfrin informed the Bunni team of a critical issue that allowed attackers to bypass the reentrancy lock in BunniHub. This issue enabled attackers to steal all assets in BunniHub. The Bunni team responded by pausing the function that allowed the reentrancy lock to be bypassed, preventing any theft of assets. Issue 1: Malicious Rebalance The culprit is the BunniHub::unlockForRebalance() function. Specifically, BunniHub has these two functions that allowed the hook of a pool to access the reentrancy lock of BunniHub: ...
Dawn of LP Profitability
One of the most important unsolved problems in DeFi is LP profitability. Namely, how can passive AMM liquidity providers consistently make a profit in the face of arbitrageurs, market volatility, and a limited strategy space? Decentralized exchanges such as Uniswap are perhaps the most important apps in DeFi. They enable trading one asset for another without any centralized middlemen, which is a massively important financial primitive that has ramifications not just in crypto but in the wider society as well. However, existing DEXes all suffer from one lethal problem: their liquidity providers are actively losing money from providing trading liquidity that’s the backbone of the crypto economy. ...