Bug Disclosure: Reentrancy Lock Bypass

Summary: On April 22, Cyfrin informed the Bunni team of a critical issue that allowed attackers to bypass the reentrancy lock in BunniHub. This issue enabled attackers to steal all assets in BunniHub. The Bunni team responded by pausing the function that allowed the reentrancy lock to be bypassed, preventing any theft of assets.

Issue 1: Malicious Rebalance. The culprit is the BunniHub::unlockForRebalance() function. Specifically, BunniHub has these two functions that allowed the hook of a pool to access the reentrancy lock of BunniHub: ...

May 2, 2025

Dawn of LP Profitability

One of the most important unsolved problems in DeFi is LP profitability. Namely, how can passive AMM liquidity providers consistently make a profit in the face of arbitrageurs, market volatility, and a limited strategy space? Decentralized exchanges such as Uniswap are perhaps the most important apps in DeFi. They enable trading one asset for another without any centralized middlemen, which is a massively important financial primitive that has ramifications not just in crypto but in the wider society as well. However, existing DEXes all suffer from one lethal problem: their liquidity providers are actively losing money from providing trading liquidity that’s the backbone of the crypto economy. ...

April 21, 2025