
BearnFi
Hacked · DeFi · $BFI · born 2021 · ✝ 2021
A broken withdraw path bled ~$18M on BSC.
BearnFi (Bearn.fi) was a yield-aggregation and stablecoin protocol on BNB Chain. In May 2021 an attacker exploited flawed withdrawal logic in its vaults, using flash loans to drain roughly $18M.
- Peak: ~$18M stolen
- Cause: Hacked
- Year of death: 2021
☠️ Cause of death
The vault's withdraw function mishandled share-to-asset conversion, letting a flash-loan-funded attacker redeem more than they were owed.
📓 Lessons left behind
- Verify the withdraw path against the deposit path's accounting.
- Forked yield code inherits forked bugs.
- Flash loans expose every weakness in vault math.
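The first lesson can be turned into a round-trip invariant test. The sketch below is an added example, not BearnFi's contract code: `Vault`, `MismatchedVault` and the sample states are constructed for illustration, and the defect in `MismatchedVault` is a hypothetical stand-in for a withdraw path that prices shares differently from the deposit path.

```python
# Constructed model for illustration; not BearnFi's contract code.
class Vault:
    """Share vault whose deposit and withdraw use the same assets/shares rate."""
    def __init__(self, total_assets, total_shares):
        self.total_assets, self.total_shares = total_assets, total_shares

    def deposit(self, assets):
        # Rounds down, so rounding error favours the vault, never the depositor.
        shares = assets * self.total_shares // self.total_assets
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def redeem_value(self, shares):
        # Same rate the deposit path used, also rounded down.
        return shares * self.total_assets // self.total_shares

    def withdraw(self, shares):
        assets = self.redeem_value(shares)
        self.total_assets -= assets
        self.total_shares -= shares
        return assets


class MismatchedVault(Vault):
    """Hypothetical defect: withdraw prices shares against the post-burn supply."""
    def redeem_value(self, shares):
        return shares * self.total_assets // (self.total_shares - shares)


def round_trip_violations(vault_cls, states, amounts):
    """Deposit then immediately withdraw; report every case that breaks an invariant."""
    found = []
    for assets0, shares0 in states:
        for amount in amounts:
            v = vault_cls(assets0, shares0)
            paid = v.withdraw(v.deposit(amount))
            overpaid = paid > amount  # a round trip must never be profitable
            # Existing holders' price per share must not fall (cross-multiplied integers).
            diluted = v.total_assets * shares0 < assets0 * v.total_shares
            if overpaid or diluted:
                found.append((assets0, shares0, amount, paid))
    return found


# Constructed sample states (total_assets, total_shares) and deposit sizes.
STATES = [(1_000_000, 1_000_000), (1_500_000, 1_000_000), (7, 3)]
AMOUNTS = [1, 999, 100_000]

if __name__ == "__main__":
    print("consistent:", round_trip_violations(Vault, STATES, AMOUNTS))
    print("mismatched:", round_trip_violations(MismatchedVault, STATES, AMOUNTS))
```

A same-transaction deposit and withdraw is the case a flash loan makes cheap at any size, which is why the check sweeps large amounts as well as dust.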
🌱 The idea that survived
Audited vault accounting
Reinforced rigorous share-accounting checks in yield-vault withdrawal logic.
#defi #flash-loan #vault