This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
On BSC block 16886439, transaction 0xec317deb2f3efdc1dbf7ed5d3902cdf2c33ae512151646383a8cf8cbcd3d4577 let an unprivileged attacker convert temporary AMM price manipulation into permanent protocol value extraction. The attacker used flash-borrowed Pancake liquidity to move the ELEPHANT/WBNB spot price, then called Elephant Money helper 0xd520a3b47e42a1063617a9b6273b206a07bdf834 to mint and redeem against Treasury-backed accounting before unwinding and repaying the flash borrows.
The root cause was not a treasury permission bypass. The root cause was that the publicly callable helper trusted same-transaction Pancake spot quotes for Treasury-backed mint and redeem flows while the helper was already whitelisted in both protocol treasuries.
Elephant Money exposed a protocol-owned helper contract at 0xd520a3b47e42a1063617a9b6273b206a07bdf834. That helper surfaced public quote and execution functions for minting and redeeming ELEPHANTDollar and routed pricing through PancakeSwap. The relevant selector map shows both quote functions and execution functions on the same public surface:
0x16f5782e estimateCoreToCollateral(uint256)
0x1a5b7e56 estimateCollateralToCore(uint256)
0x8bba1f08 estimateRedemption(uint256)
0xd4bb0183 estimateMint(uint256)
0xa0712d68 mint(uint256)
0xdb006a75 redeem(uint256)
0x9c27b7bd redeemCollateralCreditToWETH(uint256)
The helper mattered because both Treasury contracts already trusted it. Their verified source code gates withdraw(uint256) only by the caller whitelist:
mapping(address => bool) public whitelist;

modifier onlyWhitelisted() {
    require(whitelist[msg.sender], "not whitelisted");
    _;
}

function withdraw(uint256 _amount) public onlyWhitelisted {
    require(token.transfer(_msgSender(), _amount));
}
Independent pre-exploit proofs show whitelist(helper) == true for both Treasury contracts:
BUSD Treasury 0xcb5a02bb3a38e92e591d323d6824586608ce8ce4: true
ELEPHANT Treasury 0xaf0980a0f52954777c491166e7f40db2b6fbb4fc: true
The vulnerability class is a spot-price-oracle failure inside a privileged protocol helper. The helper combined two powers that should not have been combined on a public path: it could derive mint and redemption values from live Pancake spot state, and it could settle those values using Treasury-backed assets because the treasuries already whitelisted it. The attacker therefore did not need governance keys, protocol roles, or any private orderflow. The only requirement was enough public AMM liquidity to move the ELEPHANT/WBNB price inside one transaction. Once the attacker distorted reserves, the helper converted that temporary state into a large ELEPHANTDollar mint and a Treasury-backed redemption. The loss persisted after the price manipulation was unwound because the Treasury transfers were final.
The helper bytecode independently confirms that its pricing and execution logic is wired directly to Pancake router functionality. Its disassembly contains repeated references to getAmountsOut(uint256,address[]) (0xd06ca61f) and Pancake swap selectors including swapExactTokensForTokensSupportingFeeOnTransferTokens (0x5c11d795).
That design breaks the following invariant: Treasury-backed mint and redemption must not depend on manipulable same-transaction AMM spot state. Elephant Money violated that invariant by allowing a public caller to change the ELEPHANT/WBNB reserves and then immediately ask the helper to price and settle mint and redeem flows from those altered reserves.
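The broken invariant can be reproduced in a small model. This is an added example, not the helper's code: a toy constant-product pool compares a quote read from live reserves with the same quote checked against a reference taken outside the transaction. The reserves, amounts, fee constants, the 200 bps bound and all function names are assumptions chosen for illustration.

```python
# Added illustration: toy constant-product pool; reserves and amounts are constructed.
FEE_NUM, FEE_DEN = 9975, 10000  # assumed 0.25% swap fee for this model


def get_amount_out(amount_in, reserve_in, reserve_out):
    """Constant-product output amount, the quantity a getAmountsOut-style quote returns."""
    with_fee = amount_in * FEE_NUM
    return with_fee * reserve_out // (reserve_in * FEE_DEN + with_fee)


class Pool:
    def __init__(self, elephant, wbnb):
        self.elephant, self.wbnb = elephant, wbnb

    def buy_elephant(self, wbnb_in):
        """Swap WBNB for ELEPHANT and update reserves, raising ELEPHANT's spot price."""
        out = get_amount_out(wbnb_in, self.wbnb, self.elephant)
        self.wbnb += wbnb_in
        self.elephant -= out
        return out

    def spot_value_in_wbnb(self, elephant_amount):
        """Value a helper reading live reserves assigns to elephant_amount."""
        return get_amount_out(elephant_amount, self.elephant, self.wbnb)


class PriceDeviation(Exception):
    pass


def guarded_value_in_wbnb(pool, elephant_amount, reference_value, max_dev_bps=200):
    """Refuse to settle when the live quote is more than max_dev_bps away from a
    reference captured outside the current transaction (for example a TWAP)."""
    live = pool.spot_value_in_wbnb(elephant_amount)
    if abs(live - reference_value) * 10_000 > reference_value * max_dev_bps:
        raise PriceDeviation(f"live={live} reference={reference_value}")
    return live


def demo():
    pool = Pool(elephant=1_000_000 * 10**18, wbnb=1_000 * 10**18)
    amount = 1_000 * 10**18
    reference = pool.spot_value_in_wbnb(amount)   # value before the transaction
    pool.buy_elephant(4_000 * 10**18)             # reserve shift inside the transaction
    manipulated = pool.spot_value_in_wbnb(amount)
    try:
        guarded_value_in_wbnb(pool, amount, reference)
        return reference, manipulated, False
    except PriceDeviation:
        return reference, manipulated, True
```

In this model the unguarded quote for the same ELEPHANT amount rises by more than twenty times after the reserve shift, while the guarded path rejects it because the reference does not move within the transaction.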
The seed transaction trace shows the helper using Treasury-backed ELEPHANT flow during the exploit. In the mint/redeem sequence, the trace records Treasury-side ELEPHANT moving into the helper and then out to the attacker-controlled contract:
emit Transfer(from: 0xAF0980A0f52954777C491166E7F40DB2B6fBb4Fc, to: 0xD520a3B47E42a1063617A9b6273B206a07bDf834, value: 140806533635790745962771)
...
emit Transfer(from: 0xD520a3B47E42a1063617A9b6273B206a07bDf834, to: 0xBCEda90b2880feA5d511d54716229145508996dA, value: 140806533635790745962771)
The same trace also shows the helper consulting and using Pancake router paths in the exploit path:
PancakeRouter::WETH() [staticcall]
PancakeRouter::swapExactTokensForETHSupportingFeeOnTransferTokens(
    140806533635790745962771,
    0,
    [ELEPHANT, WBNB],
    attacker_contract,
    1649782173
)
The balance diff closes the loop. The attacker EOA 0xe552133cc829a7f7e98e349763fac7ab0f3828b0 gained 27416299660449196663328 wei net, while the ELEPHANT Treasury 0xaf0980a0f52954777c491166e7f40db2b6fbb4fc lost 20883240576300107707391196832889477172395166118185548938166844998913021805984 raw ELEPHANT units. Those post-state effects are consistent with Treasury-backed settlement priced off a manipulated same-transaction oracle.
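The Treasury-to-helper-to-external pattern in the trace above can be turned into a monitoring check. This is an added example, not tooling from the original analysis: it parses `emit Transfer(...)` trace lines and flags a Treasury transfer into the helper whose exact value the helper then forwards outside the protocol. The function names and the third sample line are constructed for illustration; the addresses and the first two sample lines come from the page.

```python
import re

# Addresses below are the ones named on the page, lower-cased for comparison.
TREASURIES = {
    "0xcb5a02bb3a38e92e591d323d6824586608ce8ce4",  # BUSD Treasury
    "0xaf0980a0f52954777c491166e7f40db2b6fbb4fc",  # ELEPHANT Treasury
}
HELPER = "0xd520a3b47e42a1063617a9b6273b206a07bdf834"

TRANSFER_RE = re.compile(
    r"emit Transfer\(from:\s*(0x[0-9a-fA-F]{40}),\s*"
    r"to:\s*(0x[0-9a-fA-F]{40}),\s*value:\s*(\d+)\)"
)


def parse_transfers(trace_text):
    """Return (from, to, value) for every Transfer line, in trace order."""
    return [(m.group(1).lower(), m.group(2).lower(), int(m.group(3)))
            for m in TRANSFER_RE.finditer(trace_text)]


def treasury_pass_through(trace_text, known_protocol=()):
    """Flag Treasury -> helper transfers whose exact value the helper later
    forwards to an address outside the protocol's own contract set.
    Limitation: these trace lines do not name the emitting token, so matching
    is on value only; a production rule should also match the token address."""
    protocol = TREASURIES | {HELPER} | {a.lower() for a in known_protocol}
    transfers = parse_transfers(trace_text)
    findings = []
    for i, (src, dst, value) in enumerate(transfers):
        if src not in TREASURIES or dst != HELPER:
            continue
        for src2, dst2, value2 in transfers[i + 1:]:
            if src2 == HELPER and value2 == value and dst2 not in protocol:
                findings.append({"treasury": src, "recipient": dst2, "value": value})
                break
    return findings


# First two lines are the Transfer events quoted on the page; the third is a
# constructed benign deposit into the Treasury added for contrast.
SAMPLE_TRACE = """
emit Transfer(from: 0xAF0980A0f52954777C491166E7F40DB2B6fBb4Fc, to: 0xD520a3B47E42a1063617A9b6273B206a07bDf834, value: 140806533635790745962771)
emit Transfer(from: 0xD520a3B47E42a1063617A9b6273B206a07bDf834, to: 0xBCEda90b2880feA5d511d54716229145508996dA, value: 140806533635790745962771)
emit Transfer(from: 0xD520a3B47E42a1063617A9b6273B206a07bDf834, to: 0xAF0980A0f52954777C491166E7F40DB2B6fBb4Fc, value: 1000)
"""
```

Calling `treasury_pass_through(SAMPLE_TRACE)` returns one finding, for the ELEPHANT Treasury outflow that ends at the orchestration contract.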
The attacker EOA 0xe552133cc829a7f7e98e349763fac7ab0f3828b0 first deployed orchestration contract 0xbceda90b2880fea5d511d54716229145508996da in transaction 0xb8c95ff7510b8ca13172646c2bab0602adff05ad7eb5199f111a1699826c63bd. In the exploit transaction, that contract nested flash borrows from Pancake pairs 0x16b9a82891338f9bA80E2D6970FddA79D1eb0daE, 0x0eD7e52944161450477ee417DE9Cd3a859b14fD0, and 0x7EFaEf62fDdCCa950418312c6C91Aef321375A00.
The first critical on-chain step was reserve manipulation of ELEPHANT/WBNB pair 0x1CEa83EC5E48D9157fCAe27a19807BeF79195Ce1. Collector logs around indices 176 through 184 show the flash-borrowed assets entering and the pair emitting Sync and Swap, which is the price-moving precondition referenced by the root cause.
After shifting price, the attacker called the helper’s public mint path, then sold and redeemed the minted ELEPHANTDollar through the helper’s public redeem path. The helper emitted value-bearing transfers while internally using Pancake router flows and Treasury-backed assets. Finally, the attacker unwound the manipulated market state, repaid all flash borrows, and retained the residual profit.
The incident realized a net attacker profit of 27416.299660449196663328 BNB after gas, as shown by the seed native balance diff. The protocol also experienced a large Treasury-side ELEPHANT depletion. The root cause artifact records the concrete loss set as:
[
  {
    "token_symbol": "WBNB",
    "amount": "27627652747150501614806",
    "decimal": 18
  },
  {
    "token_symbol": "ELEPHANT",
    "amount": "20883240576300107707391196832889477172395166118185548938166844998913021805984",
    "decimal": 18
  }
]
The security impact is broader than the individual transaction. A public helper with Treasury authority turned temporary market-state manipulation into protocol-funded value transfer, breaking the backing assumptions of the mint and redemption system.