SushiSwap falls victim to $3.3 million exploit, users advised to revoke contracts

The decentralized exchange SushiSwap has been hit by an exploit, leading to the loss of over $3.3 million from at least one user, known as 0xSifu on Twitter, according to a report by The Block. The exploit occurred due to an approve-related bug on the RouterProcessor2 contract, which cybersecurity experts PeckShield and SushiSwap Head Chef Jared Grey have recommended revoking on all chains.

The root cause of the issue, according to Ancilia, Inc., is a bug in the internal swap() function, which calls swapUniV3() to set the variable “lastCalledPool” at storage slot 0x00. Ancilia adds that “later on in the swap3callback function, the permission check gets bypassed.”

The exploit allows an unauthorized entity to steal users’ tokens, commonly known as “yoinking.” According to The Block Research Analyst Brad Kay, the first attacker used the “yoink” function, taking 100 ETH, while another attacker later used the same contract but instead named their function “notyoink,” stealing another 1,800 ETH.

Early reports suggest that not too many SushiSwap users are currently at risk. DeFi Llama’s @0xngmi claims that only those who swapped on SushiSwap within the last four days should be affected. However, The Block Research Analyst Kevin Peng explains that 190 Ethereum addresses have approved the problematic contract, and more than 2,000 addresses on Layer 2 Arbitrum have seemingly approved the bad contract.

Sushi’s governance token only fell by 0.6% in the hour since the news broke. SushiSwap Head Chef Jared Grey has tweeted that Sushi is “working with security teams to mitigate the issue.” Grey is also seeking a $3 million legal defense fund from Sushi DAO after Sushi was hit with a subpoena from the U.S. Securities and Exchange Commission.

Related Posts

Leave a Reply

Newsletter

Subscribe To Newsletter

For updates and exclusive offers, enter your e-mail below.

Popular Posts

Nathaniel Luz Comments on Nigerian Authorities’ Crackdown on Crypto Traders and OTC Exchanges Amid Naira Depreciation
February 22, 2024By
Binance Implements Price Cap on USDT Trading in Nigeria Amid Regulatory Pressure
February 22, 2024By
Circle Ceases Support for USDC on Tron Blockchain
February 21, 2024By

Advertisement

Video Posts

Crypto Stats


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin50,974 0.13 % 0.37 % 1.90 %
Ethereum2,948.5 0.08 % 0.05 % 5.67 %
Tether0.9999 0.01 % 0.10 % 0.06 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %
? --- 0.00 % 0.00 %