Clara
All incidents

BambooAI Hidden LP Drain

Share
Jul 04, 2023 12:06 UTCAttackLoss: 11.91 WBNB, 1,346,543,964.61 BAMBOOPending manual check1 exploit txWindow: Atomic
Estimated Impact
11.91 WBNB, 1,346,543,964.61 BAMBOO
Label
Attack
Exploit Tx
1
Addresses
2
Attack Window
Atomic
Jul 04, 2023 12:06 UTC → Jul 04, 2023 12:06 UTC

Exploit Transactions

TX 1BSC
0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10
Jul 04, 2023 12:06 UTCExplorer

Victim Addresses

0xed56784bc8f2c036f6b0d8e04cb83c253e4a6a94BSC
0x0557713d02a15a69dea5dd4116047e50f521c1b1BSC

Loss Breakdown

11.91WBNB
1,346,543,964.61BAMBOO

Similar Incidents

CS Pair Balance Burn Drain

35%
May 23, 2023 16:43 UTC·954,285 USDT

NeverFallToken LP Drain

34%
May 02, 2023 16:45 UTC·383,353.99 USDT +1 more

SafeMoon LP Burn Drain

34%
Mar 28, 2023 19:26 UTC·28,355.85 WBNB

Sheep Burn Reserve Drain

33%
Feb 10, 2023 10:38 UTC·9.54 WBNB

STO Pending-Sell Burn Reserve Manipulation

33%
Feb 23, 2026 11:39 UTC·26.57 BNB +1 more

GGGTOKEN Treasury Drain via receive()

33%
May 12, 2023 02:10 UTC·172,248.76 USDT

Root Cause Analysis

BambooAI Hidden LP Drain

1. Incident Overview TL;DR

BambooAI on BSC exposed a public, permissionless reserve-manipulation path in its token transfer logic. Before seed transaction 0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10 in block 29668036, trading was already open, sale was already initialized, and the Pancake BAMBOO/WBNB pair 0x0557713d02a15a69dea5dd4116047e50f521c1b1 held live liquidity. Under that public pre-state, any BAMBOO holder could trigger BambooAI’s hidden updatePool path, drain 1% of each qualifying transfer from the LP into a hard-coded sink, force the pair to sync(), and then sell BAMBOO into the manipulated pool for WBNB. The seed attacker used helper contract 0xcdf0eb202cfd1f502f3fdca9006a4b5729aadebc and realized 11.913501282999043656 WBNB before gas; after subtracting 0.327148885046735555 BNB-equivalent gas paid by the controller EOA, the net delta was 11.586352397952308101 BNB-equivalent. No non-monetary success predicate was needed.

The root cause is BambooAI’s private updatePool(uint256 amount) routine, which directly edits the BAMBOO balance recorded for the LP and immediately calls sync() from an ordinary _transfer path. That breaks the core AMM invariant that reserve changes must come only from legitimate swap or liquidity flows that are explicitly accounted for by token movement and pair events.

2. Key Background

BambooAI (0xed56784bc8f2c036f6b0d8e04cb83c253e4a6a94) is a fee-on-transfer token deployed on BSC with a hard-coded Pancake router at 0x10ED43C718714eb63d5aA57B78B54704E256024E. In its constructor it creates and stores the BAMBOO/WBNB pair 0x0557713d02a15a69dea5dd4116047e50f521c1b1, so LP interactions are first-class protocol state rather than external configuration.

The contract also stores an immutable variable named Factory, but it is not the Pancake factory. The verified source assigns Factory = address(routerHash), and routerHash decodes to 0xf1d8f914dc5693de077c4dc10005703c8389ab43. Validator-side chain reads confirm that this hidden sink is a transparent proxy whose owner() at block 29668035 is 0x9B71B4Dc9E9DCeFAF0e291Cf2DC5135A862A463d, and whose EIP-1967 admin slot points to 0xc38e0c775fbceba0eb7ab9b71aa67fea0bd04675.

From the same pre-state, the token had tradingOpen=true and a non-zero sale, which is the exact condition needed to arm the hidden reserve mutation. The seed metadata and verified source therefore establish the public ACT setup completely: live trading, live LP liquidity, and an ERC20 transfer path that any unprivileged holder can invoke.

Verified BambooAI constructor snippet:

constructor() {
    IUniswapV2Router02 _uniswapV2Router = IUniswapV2Router02(
        0x10ED43C718714eb63d5aA57B78B54704E256024E
    );

    uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(
        address(this),
        _uniswapV2Router.WETH()
    );

    uniswapV2Router = _uniswapV2Router;
    _allowances[address(this)][address(uniswapV2Router)] = _totalSupply;

    Factory = address(routerHash);
}

3. Vulnerability Analysis & Root Cause Summary

The vulnerability is a deliberately hidden LP reserve mutation embedded inside BambooAI’s standard transfer path. Once sale > 0, every transfer from a sender that is not marked as a market pair executes updatePool(amount) before the token completes its ordinary balance move. updatePool checks only that amount > 10000 and that the pair currently holds more BAMBOO than amount, then computes fA = amount / 100, subtracts fA from _balances[uniswapPair], credits _balances[Factory], and calls IUniswapV2Pair(uniswapPair).sync(). This means the pair’s BAMBOO reserve can be reduced without any corresponding WBNB outflow or legitimate swap input. The balance mutation is invisible as a BAMBOO Transfer from the pair to the hidden sink, so on-chain observers see the pair resynced around a silently reduced reserve. An attacker only needs BAMBOO inventory and the ability to cause repeated transfers between addresses they control, then they can sell BAMBOO into the manipulated pair for excess WBNB. That is a direct AMM reserve-integrity violation, not a pricing side effect or privileged admin action.

Verified BambooAI transfer path and breakpoint:

function _transfer(
    address sender,
    address recipient,
    uint256 amount
) private returns (bool) {
    ...
    if (!isMarketPair[sender] && sale > 0) updatePool(amount);
    ...
}

function updatePool(uint256 amount) private {
    if (amount > 10000 && balanceOf(uniswapPair) > amount) {
        uint256 fA = amount / 100;
        _balances[uniswapPair] = _balances[uniswapPair].sub(fA);
        _balances[Factory] = _balances[Factory].add(fA);
        try IUniswapV2Pair(uniswapPair).sync() {} catch {}
    }
}

4. Detailed Root Cause Analysis

The ideal invariant is straightforward: the Pancake BAMBOO/WBNB pair reserve should change only through explicit, auditable liquidity or swap flows in which the pair’s balances and emitted accounting events correspond to actual value transfer. BambooAI breaks that invariant inside its own token accounting.

After trading is enabled, BambooAI treats any non-pair sender as eligible to run updatePool. The attacker therefore does not need ownership, presale access, whitelisting, or any private integration with the hidden sink. They only need to hold BAMBOO and choose a transfer amount above 10000 raw units while the pair still has more BAMBOO than that amount. Every qualifying transfer removes amount / 100 BAMBOO directly from the pair balance, credits the hidden sink 0xf1d8f914dc5693de077c4dc10005703c8389ab43, and forces the pair to resynchronize to the lower BAMBOO reserve.

Because sync() updates the pair reserves to the already-mutated balances, the AMM state begins to price BAMBOO as scarcer than it should be. The attacker can loop ordinary transfers between controlled addresses or helper contracts to repeat the hidden drain, then dispose of BAMBOO into the now-mispriced pair. No secret, no privileged callback, and no attacker-specific bytecode is required; the exploitability is in the victim token’s public _transfer path itself.

Representative seed trace excerpt from the recorded on-chain execution shows the attack closing with a BAMBOO sale into the pair and a large WBNB payout to the attacker helper:

0x10ED43...024E::swapExactTokensForTokensSupportingFeeOnTransferTokens(
    135744542131496799520, 0,
    [0xED56784bC8F2C036f6b0D8E04Cb83C253e4a6A94, 0xbb4CdB9CBd36B01bD1cBaEBF2De08d9173bc095c],
    0xCdf0eB202cfD1f502F3fdca9006A4b5729AadEBC, 1688472389
)
  BambooAI::transferFrom(0xCdf0..., PancakePair, 135744542131496799520)
  PancakePair::swap(1218773288555205031879, 0, 0xCdf0..., 0x)
    WBNB::transfer(0xCdf0..., 1218773288555205031879)

The collector balance diff independently confirms that the pair’s BAMBOO balance fell from 137115699122724039920 to 135769155158116274841, a loss of 1346543964607765079 raw BAMBOO units, while the controller EOA paid 327148885046735555 wei in gas. Combined with the receipt-backed WBNB inflow into the attacker helper, the exploit path and profit predicate are deterministic.

5. Adversary Flow Analysis

The seed adversary cluster is:

  • Controller EOA 0x00703face6621bd207d3b4ac9867058190c0bb09
  • Helper contract 0xcdf0eb202cfd1f502f3fdca9006a4b5729aadebc

The lifecycle observed on-chain is:

  1. Helper deployment. Transaction 0x2f7defca7f7a014f740399cceee6382e01c2929a95bf35f4a434765a85e52272 was sent by 0x00703face6621bd207d3b4ac9867058190c0bb09 and created the helper later used in the exploit.
  2. Reserve manipulation and exit. Transaction 0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10 in block 29668036 called the helper, which repeatedly exercised BambooAI transfer paths that reached updatePool, reduced LP BAMBOO reserves, and then exited through the Pancake pair into WBNB.
  3. Independent replay in the same block. Validator-side chain reads show transaction 0x5abde3804002e3625dddb48407204d107eae65069df938489737eadcd79f282f at the same block was sent by a different EOA, 0xf84efa8a9f7e68855cf17eaac9c2f97a9d131366, to a different helper, 0x10f30e05a877e48503387391075dd693836d9701. That corroborates the ACT classification: the strategy was not unique to one attacker artifact.

The root-cause exploit conditions are all satisfied in the seed incident:

  • tradingOpen was already true.
  • sale was already non-zero.
  • The attacker held enough BAMBOO for transfers above 10000 raw units.
  • The BAMBOO/WBNB pair still held enough liquidity for both reserve drain and exit.

Additional related transactions captured in root_cause.json are 0xba65359dd84a1bbf355fe42cb13b724d56ec5302234f9899282adbd3c4a71fc2 and the same-block replay 0x5abde3804002e3625dddb48407204d107eae65069df938489737eadcd79f282f.

6. Impact & Losses

The exploit depletes both sides of the LP:

  • WBNB extracted by the seed attacker helper: "11913501282999043656" raw wei, with decimal = 18
  • BAMBOO removed from the pair during the seed exploit: "1346543964607765079" raw units, with decimal = 9

The impact is not limited to mark-to-market mispricing. BambooAI permanently siphons BAMBOO inventory from the LP into the hidden sink while also enabling the attacker to cash out WBNB against the manipulated reserve state. The affected public components are BambooAI itself and the Pancake BAMBOO/WBNB pair.

7. References

  • Seed tx metadata: /workspace/session/artifacts/collector/seed/56/0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10/metadata.json
  • Seed tx balance diff: /workspace/session/artifacts/collector/seed/56/0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10/balance_diff.json
  • Seed tx trace: /workspace/session/artifacts/collector/seed/56/0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10/trace.cast.log
  • BambooAI verified source: /workspace/session/artifacts/collector/seed/56/0xed56784bc8f2c036f6b0d8e04cb83c253e4a6a94/src/Contract.sol
  • Seed exploit tx: https://bscscan.com/tx/0x88a6c2c3ce86d4e0b1356861b749175884293f4302dbfdbfb16a5e373ab58a10
  • Corroborating same-block exploit tx: https://bscscan.com/tx/0x5abde3804002e3625dddb48407204d107eae65069df938489737eadcd79f282f
  • BambooAI address page: https://bscscan.com/address/0xed56784bc8f2c036f6b0d8e04cb83c253e4a6a94
  • Pancake BAMBOO/WBNB pair address page: https://bscscan.com/address/0x0557713d02a15a69dea5dd4116047e50f521c1b1