The $8.4 million flash-loan exploit that destroyed Bunni DEX on September 4, 2025, was not the result of a complex novel attack vector — it was a rounding error in custom liquidity mathematics that should have been caught during development. This tutorial walks advanced users and developers through the process of verifying DeFi pool implementations, specifically focusing on the types of precision-based vulnerabilities that led to the Bunni catastrophe. With Bitcoin at $110,723 and Ethereum at $4,298, the value at stake in DeFi smart contracts demands the highest level of technical due diligence.
The Objective
This tutorial aims to equip you with the methodology for independently verifying the mathematical correctness of concentrated liquidity pool implementations. By the end, you will understand how to identify rounding errors, precision loss, and boundary condition vulnerabilities in AMM smart contracts. You will also learn how to set up automated testing environments that can catch these issues before deployment.
Prerequisites
To follow this tutorial effectively, you should have experience with Solidity development and a working understanding of automated market maker mathematics. You will need Foundry installed for testing and fuzzing, Python 3.10+ for mathematical modeling, and familiarity with EVM execution semantics, particularly around fixed-point arithmetic. Understanding of Uniswap v3 and v4 concentrated liquidity concepts is essential, as the techniques covered here specifically target the types of custom implementations built on these frameworks.
Step-by-Step Walkthrough
Step 1: Isolate the mathematical core. Begin by extracting the core calculation functions from the pool smart contract. In Bunni’s case, this would include the swap, deposit, and withdrawal functions that perform token amount calculations. Create a standalone test file that imports only these mathematical functions, removing all external dependencies and state management logic. This isolation ensures that your tests focus purely on the arithmetic.
Step 2: Identify precision-sensitive operations. Review every arithmetic operation in the isolated functions, flagging any division, multiplication by fractional values, or operations that reduce precision. In Solidity, all arithmetic is performed in integer fixed-point representation. A rounding error of one wei per operation can compound to millions when multiplied across large positions and repeated transactions. The Bunni exploit worked because small rounding errors in withdrawal calculations, multiplied across hundreds of withdrawals, generated $8.4 million in excess value extraction.
Step 3: Build boundary condition tests. For each flagged operation, construct test cases that exercise boundary conditions. What happens when the input amount is one wei? The maximum uint256? When the pool is nearly empty? When reserves are perfectly balanced versus severely imbalanced? Pay special attention to operations that convert between different precision levels, such as token amounts with different decimal places.
Step 4: Implement property-based fuzzing. Use Foundry’s fuzz testing to generate thousands of random inputs for your isolated functions. Define invariants — mathematical properties that must always hold true regardless of input. For a liquidity pool, key invariants include: total pool value must never decrease after a swap, withdrawal amounts must never exceed the user’s proportional share, and the sum of all positions must equal the total pool reserves. The Bunni rounding error violated the second invariant — withdrawal amounts slightly exceeded the mathematically correct share.
Step 5: Model multi-step attack scenarios. The Bunni attack was not a single operation but a sequence: flash borrow, multiple swaps to manipulate state, numerous small withdrawals to harvest the rounding error, then sandwich attack to restore prices. Construct test scenarios that chain operations together, simulating how an attacker might combine multiple interactions to amplify a small vulnerability. Use the Foundry cheatcode vm.roll to advance block numbers between operations and test multi-block attack scenarios.
Step 6: Verify against reference implementations. Compare the custom implementation against a known-correct reference. For Uniswap v4-based protocols, compare your concentrated liquidity math against the official Uniswap v4 core contracts. Any deviation — no matter how small or seemingly intentional — should be flagged for manual review and formal verification.
Troubleshooting
If your fuzzer finds invariant violations, do not immediately assume the protocol is broken. Some violations may be artifacts of the test setup, particularly around mock token contracts with unusual decimal configurations. Verify each finding by reproducing it with specific, deterministic inputs. For genuine vulnerabilities, calculate the maximum extractable value by determining the capital required to trigger the condition and the profit per exploitation cycle.
When testing flash-loan attack scenarios, ensure your test environment correctly simulates atomic transaction execution. Foundry’s default test runner executes each test in isolation, which may not accurately represent multi-call atomic transactions. Use vm.startBroadcast and vm.stopBroadcast to group operations into single-transaction simulations.
Mastering the Skill
Advanced DeFi security verification requires continuous learning and practice. Study post-mortems from real exploits — the Bunni post-mortem, documented by Halborn and CertiK, provides an excellent case study in rounding-error exploitation. Contribute to open-source audit repositories to see how professional security researchers approach complex protocols. And always remember that in DeFi security, the devil is in the mathematical details. A rounding error of one wei, repeated across a thousand transactions, can destroy a protocol and its users’ funds.
Disclaimer: This article is for educational purposes only and does not constitute financial or investment advice. Smart contract development and auditing carry significant responsibility. Always engage professional security auditors before deploying financial infrastructure.
Bunni losing $8.4M to a rounding error is brutal. floor division in vault shares has been a known attack vector since yVault 2021
yVault 2021 and Bunni 2025, same bug class four years apart. the audit industry keeps rediscovering the same vulnerabilities instead of building shared test suites
the invariant testing approach with Foundry fuzzing should be mandatory for any pool going live. catching these pre-deployment is table stakes now
The discussion on rounding-direction manipulation in vault-like pools is spot on. I’ve seen too many protocols assume that Solidity’s default floor division is always ‘safe,’ but as you pointed out, it can be weaponized if the share-to-asset ratio is skewed. This is essential reading for anyone trying to build robust yield aggregators or lending markets.
Marcus Thorne floor division in vault share calculations is a ticking time bomb in every yield aggregator. the Bunni exploit was the same class of bug that hit Every.finance in 2023
the Every.finance comparison is apt. vault share rounding is the gift that keeps on giving to attackers. every new yield aggregator thinks their math is different
Finally, a deep dive that doesn’t just skim the surface of DeFi security! Those precision bugs are a nightmare to debug after a pool is already live. I really appreciated the section on invariant checking—it’s something our team has been struggling with lately. Keep these technical posts coming, they’re way better than the usual hype pieces we see everywhere else.