Bunni’s Humble Feat: Charming Bugs and Shimmering Coin Sales 🐰💸

In the most delightfully disastrous fashion, the darling decentralized exchange Bunni has graciously confided in us a rather intriguing misstep. An achingly exquisite rounding bug, they explain, befell their smart contract, leading to an $8.4 million extravaganza of modern finance. With all the charm of an absent-minded librarian, the team revealed the nefarious details in a post-mortem addressed to the masses on September the fourth.

As one might expect in such grand escapades, two pools felt the weight of this bug: the weETH/ETH pairing gracefully residing on Unichain, and the delightful USDC/USDT duo adorning Ethereum. It was, indeed, a plot worthy of a Victorian novel.

How the Ruse Unfolded

The mischievous interloper, cloaked in the guise of an attacker, fleetingly borrowed 3 million USDT (a flash loan, thank you kindly, they said) and engaged in a queer series of swaps. With the subtle aplomb of a practiced charlatan, they skewed the pool’s spot price to a melodramatic extremity, leaving a mere 28 wei of USDC as a souvenir. A touch tragicomic, if not for the losses involved!

Then, in a series of forty-four remarkably tiny withdrawals, our dear antagonist danced around the contract’s rounding weakness. The developers, it seems, had based their trusty blueprint on the charming notion that rounding, when exercised with decorum, favours the pool and thus secures its funds. Alas, this was no more than a single-act play, easily extended into a dramatic five-act tragedy by a relentless chain of withdrawals. Thus was the pool’s treasure plundered, a misfortune exceeding 84% of its liquidity!

Luridly seizing their opportunity, our villainous ballet master enacted a grand, few-step swap, tangoed up the prices, only to pirouette a reversal, thereby, my dear friends, securing a handsome profit. Upon the conclusion of this bewitching ruse, the perpetrator took their leave, repaying the flash loan as a heartwarming parting gesture, and made off with roughly 1.33 million USDC and a million USDT.

Why Some Dances Were Left Unattended

Ah, Bunni, with a whispered concoction of serendipity and regret, noticed that their large pool, Unichain’s USDC/USD₮0 pair, wore its dust jacket unscathed. It seems luck, that capricious muse, favored them this time, as the attacker found themselves bereft of the necessary “firepower”, the liquidity to manipulate prices as desired. A truly fortuitous turn.

The Heartfelt Flaw

The crux of this comedy, dear reader, lies in a singular assumption, a belief, if you will, at the hallowed heart of Bunni’s withdrawal strategy. Developers, in the same spirit of optimism that led to one making an earnest statement at a hat store, presumed rounding balances downward to be protective, casting traders in the role of paying a sobering price for each swap. Instead, the flaw sang a different tune when exploited in numerous tiny acts, tearing asunder this assumed protection.

To remedy their kerfuffle, Bunni has applied a novel rounding method, thus obliterating this particular theatrical attack. Yet, in a move as sober as Wildean wit, they conceded their testing framework needed a touch more attention, pledging to broaden their fuzz and invariant testing before welcoming dancers back into the ballroom.
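As an added illustration, and emphatically not Bunni’s code nor a reproduction of its accounting, here is a constructed toy pool whose withdrawal can be switched to a deliberately wrong rounding direction. It shows why a rounding rule must be checked as an invariant over sequences of tiny withdrawals rather than per call, which is the kind of fuzz and invariant check the post-mortem promises.

```python
import random


class Pool:
    """Toy share-based pool (constructed example, not Bunni's contract)."""

    def __init__(self, reserve: int, total_shares: int) -> None:
        self.reserve = reserve            # integer token units, like wei
        self.total_shares = total_shares  # LP shares outstanding

    def withdraw(self, shares: int, round_up: bool = False) -> int:
        """Pay out a pro-rata slice of the reserve for `shares` and burn them."""
        num = shares * self.reserve
        payout = num // self.total_shares           # round down favours the pool
        if round_up and num % self.total_shares:    # deliberately wrong direction
            payout += 1
        self.reserve -= payout
        self.total_shares -= shares
        return payout


def withdraw_in_steps(reserve: int, total_shares: int, lp_shares: int,
                      step: int, round_up: bool = False) -> tuple[int, int]:
    """Withdraw lp_shares in chunks of `step`; return (paid, entitled).

    entitled is what one round-down withdrawal of all lp_shares pays at the
    starting state; the sequence invariant under test is paid <= entitled.
    """
    pool = Pool(reserve, total_shares)
    entitled = lp_shares * reserve // total_shares
    paid = 0
    while lp_shares > 0:
        chunk = min(step, lp_shares)
        paid += pool.withdraw(chunk, round_up)
        lp_shares -= chunk
    return paid, entitled


def fuzz_invariant(trials: int = 2000, seed: int = 1, round_up: bool = False) -> int:
    """Random chunked withdrawals; count how many extract more than entitled."""
    rng = random.Random(seed)
    violations = 0
    for _ in range(trials):
        total = rng.randint(2, 1000)
        reserve = rng.randint(1, 10**6)
        lp = rng.randint(1, total)
        step = rng.randint(1, lp)
        paid, entitled = withdraw_in_steps(reserve, total, lp, step, round_up)
        if paid > entitled:
            violations += 1
    return violations
```

With round-down the per-share value of the pool never falls, so the chunked total can never exceed a single withdrawal’s entitlement; flip the direction and splitting a withdrawal into many small pieces extracts more each time, which a per-call review would not reveal but the sequence invariant does.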

Next Acts and Reclamation

Alas, the sunken fortunes now neighbor two wallets, their keeper’s identity cloaked by the misty veil of Tornado Cash. Though traceless, Bunni’s proposal holds an intriguing incentive: the return of 90% of what was taken, with the remaining 10% kept as a glorious display of “white-hat” benevolence. They have sung to the centralized exchanges and even whispered to law enforcement, for what is a tale without its cavalry?

Withdrawals now see the light of day, drawing a breath of relief from fervent liquidity providers. But deposits and swapping, alas, are paused, waiting in silent aplomb. Their unwavering ensemble, a mere sextet, declared with Wilde-like flair: “We spent years of our lives, doling thousands upon thousands, launching Bunni, for we stand resolute in believing in the future of AMMs! Whatever may transpire, we shall endlessly build, dream, and unfurl the future of DeFi.”

2025-09-05 09:58