Hunny Finance
Published in

Hunny Finance

PancakeHunny Post Mortem Analysis

Dear PancakeHunny Community,

As mentioned in our earlier Medium post, an incident occurred on PancakeHunny.

This article includes a detailed analysis of the incident in its entirety to ascertain the nature of the attack and prevent any similar exploits in the future.

No hives (vaults) were breached. All funds are safe. Our hives are auto-compounding as per usual, with their rewards being in the native token only.

Read the preliminary report for more basic information.

Here’s a report and a detailed timeline of what the exploiter did:

Exploiter’s wallet address: 0x0ef50be29c82ecf2158ec1886dc6692a2b0db411

Total exploited transactions: 100

Total BNB gained by the attacker: 216 BNB

3rd June 2021

At 01:46 UTC, the attacker deployed a contract and added 0.5 BNB from an external wallet address: 0x6be5a267b04e9f24cdc1824fd38d63c436be91ab

At 02:12 UTC — The attack begins.

  1. WBNB was swapped to CAKE at PancakeSwap
  2. The attacker sent CAKE to our HUNNY Minter contract
  3. The attacker staked on CAKE-BNB Hive in PancakeHunny
  4. HUNNY Minter was “tricked” into minting more HUNNY tokens
  5. The attacker then un-staked from CAKE-BNB Hive to receive the HUNNY tokens from the Minter
  6. The attacker then sold the HUNNY tokens on PancakeSwap

At 02:42 UTC — The attacker converted all remaining wBNB into ETH, which was sent to an external wallet address: 0x2E5Ea63d69b2ed33C869eED58433f0F799E1F7AA

End of attack.

What immediate actions did we take?

At 02:42 UTC — We halted our Minter to protect our users from any further potential issues that could arise. We then immediately started to review and enhance our smart contracts.

What specific services were affected?

All of our Hives are unaffected. Since the minter was switched off, we were unable to allocate HUNNY profits to the respective Hives. This has since been resumed as of 10:40 UTC.

Due to the nature of the attack, users who have staked in our HUNNY Hive should observe an increase in profit as well as an increase in the unlocked HUNNY amount. This is because our Minter also distributed more profits to the HUNNY Hive. In short, other than a price dip, our users are actually benefitting from the higher profits (wBNB) gained from the HUNNY Hive.

Our Way Forward

We have since changed the logic behind the HUNNY Minter so that it only mints HUNNY based on the profits received from vaults. We will continue to implement our anti-whale feature to protect our Hives until further notice. Our enhanced code has also been sent to CertiK for audit. We will announce the result of the audit upon completion. Team PancakeHunny will continue to use our earned fees to buy back and burn HUNNY tokens until HUNNY returns to its price before the attack.
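The effect of the Minter change can be seen in a simplified Python model. This is an added example, not part of the original post and not PancakeHunny's contract code. It assumes the pre-fix Minter sized its mint from the CAKE balance it held, which is consistent with steps 2 and 4 of the timeline but is not spelled out in the post; the class names, the `run` helper and the mint rate are hypothetical.

```python
from collections import defaultdict

HUNNY_PER_FEE_UNIT = 3  # constructed mint rate, not taken from the post


class Ledger:
    """Minimal token ledger standing in for CAKE balances."""
    def __init__(self, balances):
        self.bal = defaultdict(int, balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.bal[src] < amount:
            raise ValueError("insufficient balance")
        self.bal[src] -= amount
        self.bal[dst] += amount


class BalanceBasedMinter:
    """Assumed pre-fix behaviour: mint against everything the Minter holds."""
    name = "minter"

    def __init__(self, cake):
        self.cake = cake

    def mint_for(self, vault, fee):
        self.cake.transfer(vault, self.name, fee)
        held = self.cake.bal[self.name]  # also counts unsolicited deposits
        self.cake.transfer(self.name, "treasury", held)
        return held * HUNNY_PER_FEE_UNIT


class ProfitBasedMinter(BalanceBasedMinter):
    """Post-fix rule from the post: mint only on profit received from vaults."""
    def __init__(self, cake, vaults):
        super().__init__(cake)
        self.vaults = set(vaults)

    def mint_for(self, vault, fee):
        if vault not in self.vaults:
            raise PermissionError("caller is not a registered vault")
        before = self.cake.bal[self.name]
        self.cake.transfer(vault, self.name, fee)
        received = self.cake.bal[self.name] - before  # this call's profit only
        self.cake.transfer(self.name, "treasury", received)
        return received * HUNNY_PER_FEE_UNIT


def run(minter_cls, donation, fee, **kw):
    """Direct deposit to the Minter, then a normal vault fee; returns HUNNY minted."""
    cake = Ledger({"outsider": donation, "hive": fee})
    minter = minter_cls(cake, **kw)
    cake.transfer("outsider", "minter", donation)  # bypasses the vault
    return minter.mint_for("hive", fee)
```

With a constructed direct deposit of 100 and a vault fee of 1, the balance-based model mints 303 HUNNY while the profit-based model mints 3, so the amount minted no longer depends on tokens the Minter did not receive from a vault.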

Team PancakeHunny is committed to building and delivering our road map. In a week’s time, our swap function will go live, our farms will be expanded to offer more variety for our users and by the end of the month, HunnyPoker and HunnyLottery will go live as well. We are also working on delivering HunnyMall, featuring our limited HunnyBunnies NFTs and Cross-Chain farms. We will bring you only the best that we can offer.

Final Thoughts

Although this incident happened 2 days after our listing on PancakeSwap, all our hives are intact and unaffected. We’ve taken the chance to restructure our internal processes. This has made us stronger and more resilient than ever before. Again, we would like to emphasize that all funds are SAFU. Despite the price dip, HUNNY is still priced above our initial launch price, and with our much-anticipated developments ahead, we are ready to soar with you.

We are committed to providing a great DeFi platform with integrations of Poker, Lottery, NFT, and further gamification. We are here to restore the community’s confidence in PancakeHunny and create a better user experience for all.

Last but not least, we would like to thank our community for the great support and encouragement thus far.
Keep Hodling #NoHunnyNoMoney #NHNM
