SushiSwap falls victim to $3.3 million exploit, users advised to revoke contracts

The decentralized exchange SushiSwap has been hit by an exploit, leading to the loss of over $3.3 million from at least one user, known as 0xSifu on Twitter, according to a report by The Block. The exploit stems from an approve-related bug in the RouterProcessor2 contract. Cybersecurity experts at PeckShield and SushiSwap Head Chef Jared Grey have recommended that users revoke their approvals for that contract on all chains.

The root cause of the issue, according to Ancilia, Inc., is a bug in the internal swap() function, which calls swapUniV3() to set the variable “lastCalledPool” at storage slot 0x00. Ancilia adds that “later on in the swap3callback function, the permission check gets bypassed.”

The exploit allows an unauthorized entity to steal users’ tokens, commonly known as “yoinking.” According to The Block Research Analyst Brad Kay, the first attacker used the “yoink” function, taking 100 ETH, while another attacker later used the same contract but instead named their function “notyoink,” stealing another 1,800 ETH.

Early reports suggest that not too many SushiSwap users are currently at risk. DeFi Llama’s @0xngmi claims that only those who swapped on SushiSwap within the last four days should be affected. However, The Block Research Analyst Kevin Peng explains that 190 Ethereum addresses have approved the problematic contract, and more than 2,000 addresses on Layer 2 Arbitrum have seemingly approved the bad contract.
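For a wallet owner acting on the revoke advice, the sketch below (an added example, not code from SushiSwap or any of the firms quoted) replays ERC-20 `Approval` event logs to find tokens whose approval to the router is still non-zero and builds the `approve(spender, 0)` calldata that revokes it. The router, wallet and token addresses are placeholders and the sample logs are constructed; the log dictionaries follow the shape returned by the standard `eth_getLogs` JSON-RPC call, with numeric fields already decoded to integers.

```python
# Added example (not SushiSwap's code): find live ERC-20 approvals and build revocations.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

# Placeholders (assumptions): replace with the real RouterProcessor2 address on the
# chain being checked and with your own wallet address.
ROUTER = "0x" + "aa" * 20
WALLET = "0x" + "11" * 20
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + c * 40 for c in "abc")
OTHER_SPENDER = "0x" + "bb" * 20

def word(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    return addr.lower()[2:].rjust(64, "0")

def topic_address(topic):
    """Indexed addresses occupy the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner, spender):
    """Replay Approval logs in chain order; return {token: last approved amount > 0}."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if (topic_address(t[1]), topic_address(t[2])) != (owner.lower(), spender.lower()):
            continue
        latest[log["address"].lower()] = int(log["data"], 16)
    return {token: amount for token, amount in latest.items() if amount > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); send it to each token contract returned above."""
    return "0x" + APPROVE_SELECTOR + word(spender) + "0" * 64

def _log(token, spender, amount, block):  # builds one constructed sample log
    return {"address": token, "blockNumber": block, "logIndex": 0, "data": "0x%064x" % amount,
            "topics": [APPROVAL_TOPIC, "0x" + word(WALLET), "0x" + word(spender)]}

SAMPLE_LOGS = [  # constructed data, not real chain events
    _log(TOKEN_B, ROUTER, 0, 105),           # later revocation of TOKEN_B
    _log(TOKEN_A, ROUTER, 2**256 - 1, 100),  # unlimited approval, never revoked
    _log(TOKEN_B, ROUTER, 500, 101),
    _log(TOKEN_C, OTHER_SPENDER, 2**256 - 1, 102),  # different spender, ignored
]

if __name__ == "__main__":
    for token in live_approvals(SAMPLE_LOGS, WALLET, ROUTER):
        print(token, revoke_calldata(ROUTER))
```

The last logged amount is only an upper bound, because many tokens do not emit `Approval` when an allowance is spent; the token's `allowance(owner, spender)` view function gives the authoritative value before and after revoking.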

Sushi’s governance token only fell by 0.6% in the hour since the news broke. SushiSwap Head Chef Jared Grey has tweeted that Sushi is “working with security teams to mitigate the issue.” Grey is also seeking a $3 million legal defense fund from Sushi DAO after Sushi was hit with a subpoena from the U.S. Securities and Exchange Commission.
