This is a lower bound: only assets with reliable historical USD prices are counted, so the actual loss may be higher.
0xd6e5d399b4a9df00bc890aa1462a8de01e8e28027d8a5d5607516ec54ce251a6
0x3ff3f18b5c113fac5e81b43f80bf438b99edee52 (BSC)
0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f (BSC)

On BSC block 83955808, transaction 0xd6e5d399b4a9df00bc890aa1462a8de01e8e28027d8a5d5607516ec54ce251a6 executed a permissionless, flash-loan-backed exploit against BUBU2 liquidity.
An unprivileged adversary triggered BUBU2’s internal daily burn/mint routine from a normal transfer path. That routine directly debited BUBU2 tokens from the live BUBU2-WBNB LP pair (0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f) and then called sync(), forcing the AMM to accept manipulated reserves. The adversary then sold BUBU2 into the distorted pool, repaid the flash loan, and realized net WBNB profit.
Root cause: the token contract allows any non-exempt external transfer to invoke _triggerDailyBurnAndMint() permissionlessly, and that function debits the LP pair's balance via super._update(uniswapPair, ...) before resyncing reserves.
BUBU2 (0x3ff3f18b5c113fac5e81b43f80bf438b99edee52) is traded against WBNB (0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c) on PancakeSwap pair 0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f.
For AMM safety, reserve-affecting token movements must remain consistent with swap/liquidity accounting. If a token contract can directly debit the pair’s balance out-of-band and then force reserve sync, market price can be pushed to an artificial state.
The exploit used a public flash-loan source (0x6098a5638d8d7e9ed2f952d35b2b67c34ec6b476) and public router paths. No privileged owner/admin function was called by the attacker transaction.
The vulnerable logic is in BUBU2 transfer handling and the burn/mint trigger routine.
First, _update contains a trigger gate that is reachable from ordinary non-exempt transfer senders. When conditions are met, it calls _triggerDailyBurnAndMint().
Second, _triggerDailyBurnAndMint() computes rounds = (nowTime - lastTriggerTime) / TRIGGER_INTERVAL, so inactivity can magnify the amount moved. It then calculates burn/award quantities from current LP token balance and executes direct balance debits from the pair address to non-pair destinations.
Third, it calls IUniswapV2Pair(uniswapPair).sync() immediately afterward. This commits manipulated balances into reserves.
This violates LP reserve-integrity and least-privilege principles for reserve-affecting state transitions. The exploit is ACT (is_act=true) because any unprivileged actor can combine the same public state and public primitives to realize profit.
Relevant victim code (BUBU2 source):
    if (
        !swapping &&
        !isTaxExempt[from] &&
        from != address(this) &&
        !pairs[from] &&
        !isAdd &&
        from != address(uniswapV2Router) &&
        burnAndMintSwitch
    ) {
        swapping = true;
        _triggerDailyBurnAndMint();
        swapping = false;
    }

    uint256 rounds = (nowTime - lastTriggerTime) / TRIGGER_INTERVAL;
    ...
    uint256 blackAndLPAwardAmount = liquidityPairBalance
        .mul(BURN_BLACK_PERCENT.add(BURN_AWARD_PERCENT))
        .mul(rounds)
        .div(BASE_PERCENT);
    ...
    super._update(uniswapPair, address(lpAddress), holdLPAwardAmount);
    super._update(uniswapPair, BLACK_ADDRESS, blackAmount);
    IUniswapV2Pair(uniswapPair).sync();
This is the direct invariant breakpoint: pair-held token balances are altered by token-internal logic not tied to normal AMM reserve-preserving operations.
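The magnification described above, as an added example that is not BUBU2's code: it applies the page's rounds and debit formulas and shows how far the pair's spot price moves once sync() records the reduced balance, with and without a bound on rounds. The percent constants, the TRIGGER_INTERVAL value, the reserve size and the max_rounds cap are assumptions made for illustration.

```python
from fractions import Fraction

# Assumed values for illustration; the page does not give BUBU2's constants.
BURN_BLACK_PERCENT = 25
BURN_AWARD_PERCENT = 25
BASE_PERCENT = 10_000
TRIGGER_INTERVAL = 86_400  # seconds; assumed from the "daily" routine name


def rounds_elapsed(now_time, last_trigger_time, max_rounds=None):
    """rounds as computed on the page; max_rounds is a hypothetical cap."""
    rounds = (now_time - last_trigger_time) // TRIGGER_INTERVAL
    return rounds if max_rounds is None else min(rounds, max_rounds)


def pair_debit(pair_balance, rounds):
    """Tokens taken from the pair, following the page's formula (integer math)."""
    pct = BURN_BLACK_PERCENT + BURN_AWARD_PERCENT
    return pair_balance * pct * rounds // BASE_PERCENT


def price_multiplier_after_sync(token_reserve, rounds):
    """Factor by which the pair's spot price (WBNB per token) rises once
    sync() records the debited balance; the WBNB reserve is unchanged."""
    debit = pair_debit(token_reserve, rounds)
    if debit >= token_reserve:
        # A standard ERC-20 debit above the balance reverts; equal empties the pool.
        raise ValueError("debit would exhaust the pair's token balance")
    return Fraction(token_reserve, token_reserve - debit)


RESERVE = 1_000_000 * 10**18         # constructed pair balance
STALE = 199 * TRIGGER_INTERVAL + 10  # constructed idle time giving rounds=199

if __name__ == "__main__":
    for cap in (None, 1):
        r = rounds_elapsed(STALE, 0, max_rounds=cap)
        print(f"cap={cap} rounds={r} price x{float(price_multiplier_after_sync(RESERVE, r)):.4f}")
```

A cap only bounds the size of each step; the pair's balance is still being changed outside swap, mint and burn.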
High-verbosity trace confirms the exploit stages in the same transaction:
trace line 40513: ...::flashLoan(18400000000000000000, ...)
trace line 40631: emit TriggerDailyBurnAndMint(... rounds: 199)
trace line 40632: 0x7745...cd2f::sync()
trace line 40763: WBNB::transfer(0x000000006723cfa477656c08d08882d366c0e8fb, 32176361483602658753)
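The event order in this trace suggests a monitoring check, shown here as an added example that is not part of the original report. In a UniswapV2-style pair, swap, mint and burn each emit Sync immediately followed by their own event, so a Sync that follows token outflows from the pair without one is a bare sync() committing an out-of-band debit. The log dictionary layout and all sample values are constructed.

```python
PAIR = "0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f"   # pair address from the page
TOKEN = "0x3ff3f18b5c113fac5e81b43f80bf438b99edee52"  # BUBU2 address from the page
PAIR_OPS = {"Swap", "Mint", "Burn"}  # pair functions that emit Sync, then this event


def log(emitter, name, **fields):
    """Build one decoded log entry (layout is an assumption of this example)."""
    return {"emitter": emitter, "name": name, **fields}


def out_of_band_debits(events, pair=PAIR, token=TOKEN):
    """Return Syncs that commit token outflows from the pair with no pair operation.

    `events` holds one transaction's decoded logs in emission order.
    """
    findings, pending = [], 0
    for i, e in enumerate(events):
        if e["emitter"] == token and e["name"] == "Transfer" and e["src"] == pair:
            pending += e["value"]          # token left the pair, not yet explained
        elif e["emitter"] == pair and e["name"] == "Sync":
            nxt = events[i + 1] if i + 1 < len(events) else None
            explained = (nxt is not None and nxt["emitter"] == pair
                         and nxt["name"] in PAIR_OPS)
            if pending and not explained:  # bare sync() after a debit
                findings.append({"sync_index": i, "debited": pending})
            pending = 0
    return findings


# Constructed logs: an ordinary swap out of the pair.
NORMAL_SWAP = [
    log(TOKEN, "Transfer", src=PAIR, dst="trader", value=1_000),
    log(PAIR, "Sync"),
    log(PAIR, "Swap"),
]
# Constructed logs shaped like the trace above: two debits, trigger event, bare Sync.
BURN_THEN_SYNC = [
    log(TOKEN, "Transfer", src=PAIR, dst="lp_award_recipient", value=600),
    log(TOKEN, "Transfer", src=PAIR, dst="black_address", value=400),
    log(TOKEN, "TriggerDailyBurnAndMint", rounds=199),
    log(PAIR, "Sync"),
    log(TOKEN, "Transfer", src="trader", dst=PAIR, value=5_000),
    log(PAIR, "Sync"),
    log(PAIR, "Swap"),
]
```

The check is a heuristic over event order only; it does not cover pairs whose implementation emits events differently.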
Balance-diff evidence for tx 0xd6e5...251a6 matches this mechanism:
- 1647778423303789868831101738.
- 1381589928535545711745314609.
- 99074355704571107 to 32275435839307229860 (+32176361483602658753).

ACT pre-state at block 83955808:
- burnAndMintSwitch enabled.
- lastTriggerTime stale enough to produce rounds > 0 (observed rounds=199).

Success predicate was profit in WBNB after loan repayment and fees. The transaction paid about 0.1000314942127 BNB-equivalent as tx value+gas, while ending with strictly positive WBNB delta.
Adversary-related accounts identified in this incident:
- 0x000000006723cfa477656c08d08882d366c0e8fb
- 0x936eee4603751956db2e1b0fb13885a1176542df
- 0xaeee14beaac31e7c7c03720f1b173a3fe110664d

Victim-side components:
- 0x3ff3f18b5c113fac5e81b43f80bf438b99edee52
- 0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f

End-to-end flow:
- 18.4 WBNB from public pool.
- _triggerDailyBurnAndMint.
- sync() updates reserves to manipulated values.

This is a single adversary-crafted public transaction and does not rely on private keys, privileged contracts, or non-public data.
Measured transaction-level impacts:
- 1647778423303789868831101738.
- 32176361483602658753.

Effect: severe LP reserve distortion and localized mispricing enabled deterministic extraction of value in one block.
Security principles violated:
- 0xd6e5d399b4a9df00bc890aa1462a8de01e8e28027d8a5d5607516ec54ce251a6 (BSC).
- _update, _triggerDailyBurnAndMint).
- 0x3ff3f18b5c113fac5e81b43f80bf438b99edee52
- 0x774547ea9d2a0cc79db3288f61e989f1b06bcd2f
- 0xbb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c
- 0x6098a5638d8d7e9ed2f952d35b2b67c34ec6b476