defirisk.co
rubric v1.7.0

BurgerSwap: Reentrancy via non-standard BEP-20 + missing x*y=k invariant check

Occurred: 2021-05-28 | Loss: $7M | Status: closed

Summary

BurgerSwap, a DEX / AMM (Uniswap V2 fork), suffered an incident on 2021-05-28, resulting in a loss of approximately $7M.

What happened

BurgerSwap lost $7.2M because its Uniswap V2 fork was missing the `x*y≥k` constant-product invariant check — meaning anyone could extract unlimited output from any pool with a 1-unit input.
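
The missing check, modelled as an added example (this is not BurgerSwap's or the page's code): a simplified Python model of a Uniswap V2-style pair in which `enforce_k=False` stands in for a fork without the invariant check. The class and function names, the reserves, and the use of Uniswap V2's 0.3% fee are assumptions.

```python
# Added illustration, not BurgerSwap's code: an integer model of a
# Uniswap V2-style pair. Reserves and the 0.3% fee are assumptions.

class InvariantError(Exception):
    """The swap would leave the pool below its pre-swap k."""

class Pair:
    def __init__(self, reserve0, reserve1, enforce_k=True):
        self.reserve0, self.reserve1 = reserve0, reserve1
        self.enforce_k = enforce_k  # False models a fork with the check removed

    def swap(self, amount0_in, amount1_in, amount0_out, amount1_out):
        """Tokens in have already arrived; the caller names the amounts out."""
        if amount0_out <= 0 and amount1_out <= 0:
            raise ValueError("insufficient output amount")
        if amount0_out >= self.reserve0 or amount1_out >= self.reserve1:
            raise ValueError("insufficient liquidity")
        balance0 = self.reserve0 + amount0_in - amount0_out
        balance1 = self.reserve1 + amount1_in - amount1_out
        if self.enforce_k:
            # Uniswap V2's check: fee-adjusted balances must keep x*y >= k.
            adj0 = balance0 * 1000 - amount0_in * 3
            adj1 = balance1 * 1000 - amount1_in * 3
            if adj0 * adj1 < self.reserve0 * self.reserve1 * 1000**2:
                raise InvariantError("K")
        self.reserve0, self.reserve1 = balance0, balance1

def max_fair_out(amount_in, reserve_in, reserve_out):
    """Largest output the invariant permits (Uniswap V2's getAmountOut)."""
    fee_adj = amount_in * 997
    return fee_adj * reserve_out // (reserve_in * 1000 + fee_adj)

def accepted(requested_out, amount_in, enforce_k, reserves=(1_000_000, 1_000_000)):
    """True if a pool with the given reserves settles the requested swap."""
    pair = Pair(*reserves, enforce_k=enforce_k)
    try:
        pair.swap(amount_in, 0, 0, requested_out)
        return True
    except InvariantError:
        return False

if __name__ == "__main__":
    fair = max_fair_out(1000, 1_000_000, 1_000_000)
    print("fair output for 1000 in:", fair)
    print("fair swap, check on:", accepted(fair, 1000, True))
    print("1 in / 999999 out, check on:", accepted(999_999, 1, True))
    print("1 in / 999999 out, check off:", accepted(999_999, 1, False))
```

A fork review can turn the last two cases into a regression test: any swap that returns more than `max_fair_out` must revert.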

Linked factors

  • RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited]
  • RD-F-007 — related : Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: None identified]
  • RD-F-100 — illustrative : Flash loan > $10M origination — RT signal [via realtime_signals/Unusual borrowing (Y/N): Y — 6,000 WBNB flash swap]
  • RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked?: Yes — Uniswap V2 fork with the x*y≥k invariant check deliberately or accidentally removed]