Decentralized Exchange SushiSwap Exploited

The decentralized exchange SushiSwap was attacked earlier today. The vulnerability on the platform is said to have resulted in users’ tokens being sold on various networks such as bsc, eth, arbitrum, optimism, without their consent. Although it is believed that the source of the vulnerability is due to a fundamental reason within the contract, investigations are still ongoing regarding the matter.

An exploit on the decentralized exchange SushiSwap resulted in the theft of more than $3.3 million from at least one user, identified on Twitter as 0xSifu. PeckShield and SushiSwap Chief Chef Jared Grey advise cancelling the RouterProcessor2 contract on all chains due to the exploit’s approve-related issue.

The primary cause cited by Ancilia, Inc. is the invocation of the swapUniV3() function within the internal swap() function, which sets the “lastCalledPool” variable in storage slot 0x00.

According to reports, the number of SushiSwap users who may be affected is currently believed to be relatively small. @0xngmi from DeFi Llama has suggested that only users who swapped on SushiSwap within the last four days may be impacted, and they have provided a list of contracts that need to be revoked and a tool to check if any of your addresses have been affected.

The Block Research Analyst Kevin Peng has noted that around 190 Ethereum addresses have approved the problematic contract, but more than 2000 addresses on Layer 2 Arbitrum have apparently done so. Despite the news, the price of Sushi’s governance token has only dropped by 0.6% in the last hour. In response to the issue, Grey, who is also pursuing a $3 million legal defense fund from Sushi DAO after Sushi was subpoenaed by the U.S. Securities and Exchange Commission, tweeted that Sushi is working with security teams to address the problem.

It’s recommended to revoke SushiSwap contracts (as well as unknown contracts) using Revoke.cash on all active networks.

Here’s the list of contracts on each chain to be revoked revoke.md · GitHub by 0xngmi

Previous Article

Coinbase to Integrate Bitcoin Lightning Network

Next Article

Alchemy Pay (ACH) has Partnered With the Offshore Chinese Yuan (CNHC) Stablecoin Ecosystem

Related Posts