Bunnies are reproducing quite fast, and as it turns out, not only in nature but also on the blockchain. Autoshark was a nearly 1:1 fork of PancakeBunny, and along with the rest of the logic, they also copied the flawed logic responsible for the PancakeBunny hack.
A hacker used a flash loan of 100K BNB and minted 135M SHARK tokens from Autoshark. As a result, the hacker took out 2.2k WBNB (~$745k).
Here’s the transaction for the hack
The reason behind the hack isn’t something new. I’m not talking about the exploit itself but about why it was there in the first place. Everybody wants a piece of the current $58B TVL. Many projects are FOMOing into the space by copy-pasting code from other projects, which was itself copy-pasted from reputable projects, and so on. That is, of course, part of the ecosystem's composability and openness, but if you reuse someone else's code, always make sure it has no known issues. Check the latest hacks and audit reports of the project you’re forking from to see whether any issues remain unresolved.
And for god’s sake, before posting an article on Medium about the PancakeBunny hack, make sure that you, who have copied their code, aren’t vulnerable to the same issue.
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter, as I’m currently in the middle of a 100 days of blogging challenge.
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.
See you tomorrow!