$581 000 USD
DESCRIPTION OF EVENTS
"AutoShark [started as] a yield optimizer for Automatic Liquidity Acquisition Farms & AMMs on the Binance Smart Chain. It is forked from PancakeBunny, and offers unparalleled access to farming opportunities through the use of superior yield strategies and auto-compounding vaults." "Autoshark was nearly [a] 1:1 fork of PancakeBunny."
"Amidst the numerous rug pulls that have happened over the past month, it will be inevitable that some investors will fall for the scams even if they have a favorite yield optimizer platform to be on. At AutoShark, we make sure to work only with the most established projects so yield farmers can have peace of mind when their assets are with us."
"AutoShark Finance is the 1st Hybrid AMM and Yield Optimizer, offering unparalleled access to farming opportunities through the use of superior yield strategies, auto-compounding vaults, and NFT-powered farming." "The goal of AutoShark is to build the number 1 most sustainable AMM + DEX and Yield Optimizer on the Binance Smart Chain." "To do so, we seek to capture interest through our aggregation of decentralized exchange swap systems and yield optimizing strategies."
"AutoShark has grown from being a yield optimizer to a project that focuses on building an entire ecosystem of sustainable DEFI products to help you get the safest and best possible yields on your cryptocurrency portfolio. We welcome cryptocurrency advocates from all walks of life, and present the following features for every different profile."
"The swap mining feature was exploited in a flurry of txs to gain the reward of 3.18M FINS tokens, which are then immediately swapped to 1,388 BNB (with roughly $581K)."
"The hack is made possible due to the relatively low pool liquidity so that the hacker can use flashloans to occupy the majority of pool share (to recover swap loss/fee) while still enjoy the sizable "swap fee reward” (increased from each huge swap)."
"To illustrate, we use one example hack tx with 100+ swaps back-and-forth to get 15K FINS rewards, which are then swapped to get 121 BNB as profit. Note the swap fee is still largely obtained by the hacker due to the owned majority pool share." "he hacker repeats the above steps seven times and gains in total 1,388 BNBs (with ~$580K). The initial hack funds are transferred from @TyphoonCrypto and the final gains are transferred out to Ethereum via @AnyswapNetwork."
"Interesting, it seems the @AutoSharkFin platform charges 0.3% swap fees with a portion being sent to holders of #FINS as dividends. The hacker sold native tokens for ~$581k, while the platform gained ~$920k for buyback and fees redistribution."
"In short, the user basically did a huge trade on our platform, paying us huge amount of fees & minting equivalent amount of $FINS. As part of our tokenomics, the fees collected are used to form LP that will be deposited into the FINS dividend pool for users as rewards."
"We have also used $FINS from our own dev treasury to form FINS LP that is being sent to the $FINS dividend pool. Therefore, our $FINS holders will gain more than $920,000 in rewards!"
"Moving forward, we will be placing a hard cap of trading fee rebates based on the total daily trading volume on our platform. So users can't do huge trades that will create volatility in our system (like what we have just seen)."
For example, "our trading volume is averaging $9-10mil volume now and upon hitting a cap at around $20mil total trading volume, we will pause the trading rebates and resume the following day."
"Our APY for $FINS dividend pool has increased significantly from the increase in rewards that is attributed to the large volume of trading fees!"
A user was incentivized to make a large trade on the AutoShark platform based on the rebate program, which contributed heavily to the market volatility. It's unclear if there was an overall loss of any investor funds.
What is AutoShark.Finance? - AutoShark (Jun 13)
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
AutoShark Intro - AutoShark (Dec 5)
@peckshield Twitter (Dec 5)
https://bscscan.com/tx/0x640ce34ce69ff5a034edc6df6e43fd80cc08d02a36d262e131d37ead990fff29 (Dec 5)
@AutoSharkFin Twitter (Dec 5)
SlowMist Hacked - SlowMist Zone (Nov 6)
@AutoSharkFin Twitter (Dec 17)