AutoShark Finance: Flash loan + SharkMinter balance spoofing → excess native token minting
AutoShark, a PancakeBunny fork, was exploited for $745K using the identical flash-loan minter-balance attack — just 8 hours after PancakeBunny itself was hit.
Summary #
AutoShark Finance suffered a Yield Aggregator / Auto-compounding Vault on 2021-06-01, resulting in a loss of approximately $745K.
What happened #
AutoShark, a PancakeBunny fork, was exploited for $745K using the identical flash-loan minter-balance attack — just 8 hours after PancakeBunny itself was hit.
Linked factors #
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: N — newly deployed protocol (few days old)]
- RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None identified]
- RD-F-076 — related : Protocol age (Cat 5 — < 6 months age signal) [via dashboard_risk_factors/Protocol age: Days to weeks old at time of exploit]
- RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing (Y/N): Y — 100K BNB flash loan]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — direct fork of PancakeBunny (which had been exploited 8 hours earlier by the same vector)]