Bunni Protocol

2022-01-01

Bunni v1 launches on Ethereum, wrapping Uniswap v3 LP NFTs into fungible ERC-20 tokens and introducing the LIT/veLIT gauge-and-bribe system.

2024-08-01

Pashov Audit Group completes a Bunni v2 security review, identifying 45 issues including 6 critical findings.

2025-01-01

Trail of Bits audit flags rounding and arithmetic concerns (TOB-BUNNI-13) and excess-liquidity manipulation (TOB-BUNNI-9), recommending improved rounding logic and fuzz-testing coverage.

2025-02-01

Bunni v2 launches on Ethereum Mainnet, Base, and Arbitrum as the first DEX built on Uniswap v4 hooks.

2025-06-01

Cyfrin audit identifies 50+ issues and warns that 'complex bugs still present' are statistically likely, advising against further scaling without additional security work. TVL surges from $2.4M to $23.9M immediately after publication.

2025-08-19

Bunni v2 TVL reaches a reported peak near $80 million.

2025-09-02

Flash-loan exploit drains $8.4M from Bunni v2 USDC/USDT pool (Ethereum, $2.4M) and weETH/ETH pool (Unichain, $5.9M) via a rounding-direction vulnerability in BunniHubLogic::withdraw(). Attacker wallets were funded through Tornado Cash.

2025-09-02

Bunni team pauses all smart-contract functions within two hours of initial exploit alerts and assembles a security war room. An on-chain message offers the attacker a 10% white-hat bounty; it goes unanswered.

2025-10-10

Bunni team announces permanent shutdown on X, citing inability to fund a six-to-seven-figure secure relaunch. TVL has declined from $50.8M to $1.3M since the exploit.

2025-10-23

CoinDesk reports on the Bunni shutdown. The team confirms remaining treasury will be distributed to token holders (excluding team), v2 contracts relicensed to MIT, and cooperation with law enforcement is ongoing.