AutoShark Finance Mint Manipulation
A flash-loan SHARK/BNB price manipulation inflated AutoShark's minted reward, draining ~$745K on BSC in a near-exact replay of the PancakeBunny pattern.
- Date
- Victim
- AutoShark Finance
- Chain(s)
- Status
- Funds Stolen
On May 24, 2021 — five days after the PancakeBunny exploit — the BSC yield farm AutoShark Finance lost approximately $745,000 to a near-identical attack: a flash loan manipulated the SHARK/BNB price feeding the protocol's reward-mint calculation, causing it to mint vastly excessive SHARK, which the attacker dumped.
What happened
AutoShark calculated minted rewards from an on-chain SHARK/BNB price the attacker manipulated with flash-loaned capital — the same mechanism that drained PancakeBunny the week before. SHARK collapsed on the dump.
Aftermath
- Protocol effectively ended; no recovery.
Why it matters
AutoShark's value to the catalogue is its timing: it's a near-exact replay of PancakeBunny five days later, on the same chain, exploiting the same reward-mint-from-manipulable-price flaw. It is the cleanest possible demonstration of the catalogue's central thesis — the lesson was published, in detail, days before, and the next protocol shipped the identical bug anyway. Fork-driven growth phases don't just repeat old mistakes slowly over years; they sometimes repeat the same week's mistake within days, because the forks are too numerous and too fast to absorb even the most recent, most prominent post-mortem. The defensive answer (don't price rewards from a manipulable spot pool) had been freely available since bZx 2020.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-autoshark-hack-may-2021
- [02]coingape.comhttps://coingape.com/autoshark-finance-is-the-latest-victim-to-the-third-flash-loan-attack-on-binance-smart-chain-in-a-week/
- [03]rekt.newshttps://rekt.news/autoshark-rekt