Thanks a lot to
@rileyholterhus
for catching this issue so quickly! We were able to fix & redeploy the Bunni contracts before anyone had used Bunni yet.
Last night I notified the Bunni team that their contracts were vulnerable to an interesting exploit/MEV strategy. An attacker could have stolen all initial deposits sent through the public mempool. This type of exploit has been seen before, but maybe isn't super well-known.