Flash loan >$10M targeting protocol tokens

PancakeSwap's assessment for RD-F-100 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

PancakeSwap V3 provides flash loan functionality natively. Protocol is routinely used as flash-loan liquidity source in BSC-ecosystem attacks against OTHER protocols (Dec 2025 MSCST exploit used PancakeSwap pools as oracle manipulation venue). Core PancakeSwap AMM has not been subject to a protocol-level flash-loan attack. The risk surface is structurally high: $1.73B TVL, permissionless pools, used as primary DEX in DPRK laundering flows. Yellow reflects elevated structural exposure as a flash-loan infrastructure node even though no current protocol-level attack is detected. Phase-2 signal.

Sources #

URL
$45M Flash Loan Attack via PancakeSwap pools (against Pancake Bunny, not PancakeSwap protocol)CryptoNinjas — Pancake Bunny flash loan historicalretrieved 2026-04-28
URL
MSCST Flash Loan Attack: Price Manipulation ExploitVerichains blog — MSCST flash loan via PancakeSwap Dec 2025retrieved 2026-04-28

Methodology #

Detect whether a flash loan >$10M denominated in protocol tokens or LP tokens has originated, likely to interact with this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol pancakeswap factor RD-F-100 score yellow collected_at 2026-04-28 19:10:57