$8 400 000 USD

SEPTEMBER 2025

GLOBAL

BUNNI

DESCRIPTION OF EVENTS

Bunni is a decentralized exchange (DEX) built on Uniswap v4 and designed to maximize liquidity provider (LP) returns across market conditions. Its "shapeshifting liquidity" mechanism lets LPs program positions that automatically adjust as prices move, so liquidity keeps responding to the market without constant manual intervention.

Beyond that flexibility, Bunni raises yield by lending idle liquidity through integrations with platforms such as Aave and Gearbox. It tunes swap-fee revenue through auction-managed strategy providers and draws on Uniswap's deep orderflow for steady fee income.

Bunni also includes protections against common LP risks such as Maximal Extractable Value (MEV, originally "Miner Extractable Value") and Loss Versus Rebalancing (LVR), through mechanisms such as the auction-managed AMM (am-AMM) and surge fees. Developers and LPs can control in detail how liquidity is distributed across price ranges and how it shifts in response to market signals, which makes the platform a flexible tool for sophisticated liquidity management.

The smart contract was reportedly audited by "Pashov, Cyfrin, and Trail of Bits".

 

Despite extensive unit tests, fuzz tests (including Medusa), and simulations, Bunni launched with a critical vulnerability.

The core vulnerability was a subtle rounding error in how the pool's idle balance was updated during withdrawals. When an LP withdrew shares, the contract reduced the idle balance by a proportional amount computed with mulDiv, which rounds down. Rounding the decrease down was assumed safe: it leaves the idle balance slightly too high and the active balance (total balance minus idle) slightly too low, so the pool's liquidity is understated, which looked like the conservative direction.

Tests did not cover long sequences of operations interacting with the contract's rounding behaviour. Each rounding decision was safe in isolation, and the tests likely focused on single-operation scenarios rather than chains of many withdrawals interleaved with swaps, where the per-operation errors accumulate in one direction.

Bunni suffered an exploit that stole approximately $8.4 million from two liquidity pools: weETH/ETH on Unichain and USDC/USDT on Ethereum. On the USDC/USDT pool the attacker used a three-step method combining a flashloan, a series of tiny withdrawals that exploited the rounding error, and a sandwich attack. First, the attacker flash-borrowed 3 million USDT and pushed the pool's price to an abnormal level, drastically reducing the active USDC balance. Second, through numerous tiny withdrawals, the attacker exploited the rounding inaccuracy to shrink the pool's active USDC liquidity out of proportion to the shares burned, producing a sharp but incorrect drop in the pool's total liquidity. Third, with the liquidity state manipulated, the attacker executed a sandwich attack that artificially inflated the pool's liquidity, extracting the profit before repaying the flashloan.

The root cause was a subtle but critical rounding error in the withdrawal logic: the contract decreased the pool's idle balance proportionally on each withdrawal and rounded that decrease down. Safe for any single operation, over a sequence this let the attacker reduce the pool's active balance far more than the fraction of liquidity shares burned. The pool's total liquidity estimate became artificially low; the attacker's swaps then reversed that state, creating an exploitable liquidity increase. Changing the idle-balance decrease to round up instead of down made the exploit unprofitable.
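To make the accumulation concrete, the following is an added toy model (Python, not Bunni's Solidity and not the project's own code) of proportional idle-balance accounting under both rounding policies. The Pool fields, the withdraw() arithmetic and the starting balances are simplifying assumptions chosen for the illustration; a real pool's liquidity depends on far more state than one token's active balance.

```python
"""Toy model: proportional idle-balance accounting under floor vs ceil rounding.

Added illustration only. The state variables, the withdraw() arithmetic and the
sample balances are assumptions made for this example, not Bunni's contract code.
"""

from dataclasses import dataclass


def mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a*b/d) with exact integers (the default mulDiv rounding)."""
    return (a * b) // d


def mul_div_up(a: int, b: int, d: int) -> int:
    """ceil(a*b/d); the rounding direction the page says the fix switched to."""
    return -((-a * b) // d)


@dataclass
class Pool:
    balance: int              # raw token balance held for the pool (one token only)
    idle: int                 # part of balance not deployed as active liquidity
    total_shares: int         # LP shares outstanding
    round_up_idle: bool = False   # False = vulnerable policy, True = fixed policy

    @property
    def active(self) -> int:
        # Active liquidity is whatever is not idle; the liquidity estimate
        # in this model is taken to scale with this number.
        return self.balance - self.idle

    def withdraw(self, shares: int) -> int:
        """Burn `shares`, pay out a proportional slice of the raw balance and
        reduce the idle balance proportionally. Payout always floors (pool-favouring);
        only the idle decrement's rounding differs between the two policies."""
        if not 0 < shares <= self.total_shares:
            raise ValueError("bad share amount")
        payout = mul_div_down(self.balance, shares, self.total_shares)
        rounder = mul_div_up if self.round_up_idle else mul_div_down
        idle_dec = min(rounder(self.idle, shares, self.total_shares), self.idle)
        self.balance -= payout
        self.idle -= idle_dec
        self.total_shares -= shares
        return payout


def drain_active(pool: Pool, rounds: int, shares_per_round: int = 1) -> int:
    """Repeat tiny withdrawals and return the active balance afterwards."""
    for _ in range(rounds):
        pool.withdraw(shares_per_round)
    return pool.active


def proportional_active(initial_active: int, initial_shares: int, remaining_shares: int) -> int:
    """Active balance if it had shrunk in lockstep with the shares burned."""
    return initial_active * remaining_shares // initial_shares


def demo(round_up_idle: bool, rounds: int = 1000) -> dict:
    """Constructed scenario: 10,000 units, 9,000 idle, 10,000 shares, then
    `rounds` one-share withdrawals. Returns the figures worth comparing."""
    pool = Pool(balance=10_000, idle=9_000, total_shares=10_000, round_up_idle=round_up_idle)
    expected = proportional_active(pool.active, pool.total_shares, pool.total_shares - rounds)
    actual = drain_active(pool, rounds)
    return {
        "active": actual,
        "expected_proportional": expected,
        "shares_left": pool.total_shares,
        "idle": pool.idle,
    }


if __name__ == "__main__":
    for policy in (False, True):
        print("round_up_idle=%s -> %s" % (policy, demo(policy)))
```

Under the floor policy, 1,000 one-share withdrawals take the active balance from 1,000 to 0 while burning only 10% of the shares; proportional accounting would have left 900. The idle balance never moves because each decrement floors to zero, so every unit paid out comes entirely from the active side. Under the ceil policy the same sequence leaves active at 1,000, that is, the error now overshoots in the other direction, which is why the team's stated work on checking whether the round-up fix introduces new risks is not a formality.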

The Bunni team noted that the largest pool, Unichain USDC/USD₮0, was spared mainly because Unichain lacked enough flashloan liquidity for the attacker to execute the first step there. Post-exploit, the team paused most functions but safely unpaused withdrawals so LPs could reclaim their funds. They are pursuing recovery of the stolen funds through legal channels and exchange cooperation. Going forward, Bunni aims to extend its testing frameworks to cover complex multi-operation scenarios and to explore comprehensive fixes before relaunching. Despite the setback, the team says it remains committed to building in decentralized finance.

The final numbers in the post-mortem which the Bunni protocol published are "~$8.4m". "Two pools were affected: weETH/ETH on Unichain and USDC/USDT on Ethereum."

 

An initial post by TenArmor reported losses at $2.3m; this appears to cover only one of the two attacks.

The Bunni team posted an initial update after pausing the protocol. Early external analyses mistakenly pointed to rebalancing issues, but the team quickly identified the root cause as a subtle rounding bug in the withdrawal logic, which the attacker exploited by combining multiple operations in a way the original code did not anticipate.

The team was initially surprised that the largest pool remained safe and determined that this was due to limited flashloan liquidity on that network: essentially luck, not a protection, prevented a bigger loss.

After analyzing the exploit, the team determined that unpausing withdrawals alone was safe because the exploit relied on swaps, which remained paused. With help from Cyfrin, they ran fork tests to confirm that withdrawals worked correctly without risk, then unpaused withdrawals on all networks while keeping deposits and swaps paused to prevent further exploits.

The Bunni team has taken several steps to pursue the exploiter. Tracing the attacker's funding hit a dead end because the wallets were funded via Tornado Cash, which makes identification difficult. The team contacted the attacker on-chain, offering to let them keep 10% of the stolen funds as a bounty if the remaining 90% is returned. They also alerted centralized exchanges to block the attacker's wallets from cashing out the stolen assets, and engaged law enforcement to pursue legal options if the funds are not returned. TenArmor has noted that it "appears that the attacker's profit was deposited into Aave".

The stolen funds currently sit in two attacker-controlled wallets. The team tried to trace the attacker by following the funding path but hit a dead end because the wallets were funded through Tornado Cash, which breaks the on-chain link between depositor and withdrawer.

In response, Bunni reached out to the attacker on-chain, offering a 10% bounty if the rest of the funds are returned. They have also informed centralized exchanges of the attacker's wallets to block attempts to cash out, and have involved law enforcement to pursue legal action if the funds are not voluntarily returned. The team has committed to exploring every avenue to recover the stolen assets.

Several aspects of the situation remain open for the Bunni team. The stolen funds remain in attacker-controlled wallets, and the use of Tornado Cash has frustrated attempts to identify the exploiter. The team continues to pursue recovery through the on-chain offer to the attacker, notifications to centralized exchanges, and law enforcement. A bounty of $500,000 is now available for information that leads to the arrest of the perpetrators.

On the security front, the team is working on fixing the vulnerability. While the change to the rounding direction already makes the exploit unprofitable, they are still assessing whether that change introduces new risks elsewhere. They also report enhancing their testing frameworks with more complex scenarios, including better fuzz and invariant tests that exercise long sequences of operations rather than single calls.

The protocol remains partially paused. Withdrawals have been safely re-enabled so liquidity providers can access their funds, but deposits and swaps remain disabled. The team is prioritizing securing the system before restoring full functionality.

Bunni, a decentralized exchange built on Uniswap v4 with programmable liquidity management, suffered an $8.4 million exploit due to a subtle rounding bug in its withdrawal logic that went undetected despite extensive testing. The attacker used flashloans and a sequence of tiny withdrawals to drive the pool's liquidity estimate artificially low, then profited from a sandwich attack on two pools; the largest pool was spared only because the chain lacked flashloan liquidity. Bunni paused most functions but safely re-enabled withdrawals, and is pursuing the attacker, who funded the operation through Tornado Cash, by offering a bounty for the return of funds, notifying exchanges, and involving law enforcement. The team is fixing the vulnerability, strengthening its testing frameworks, and preparing for a secure relaunch.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.


© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.