SushiSwap Hack: More than $3.3M Lost, Head Chef Recommends Revoking RouterProcessor2 Contract

SushiSwap lost $3.3M in a recent hack and the head chef suggests revoking the RouterProcessor2 contract. Details in this article.


We will cover the following in this article 👇

  • Introduction
  • How the Exploit Occurred
  • To Yoink or Not to Yoink?
  • How Many Users are Affected?
  • Response from SushiSwap Head Chef Jared Grey
  • Takeaways
  • Conclusion

Introduction:

Decentralized exchange SushiSwap was hit by an exploit that led to the loss of more than $3.3 million from at least one user. The attack involved an approve-related bug on the RouterProcessor2 contract, prompting SushiSwap Head Chef Jared Grey to recommend revoking it on all chains.

How the Exploit Occurred:

According to Ancilia, Inc., the root cause is a bug in the internal swap() function. This function calls swapUniV3() to set the variable "lastCalledPool," which is at storage slot 0x00. Later on, in the swap3callback function, the permission check gets bypassed, allowing an unauthorized entity to steal tokens from users who have unknowingly approved the bad contract.

To Yoink or Not to Yoink?

The attack vector is a bug in the "approve" mechanism of the SushiSwap router contract. The exploit allows an unauthorized entity to "yoink" tokens without proper approval from the token owner. Following the first attack for 100 ETH, another hacker came along and stole another 1800-ish ETH using the same contract but named their function "notyoink."

How Many Users are Affected?

Early reports suggest that not many SushiSwap users are at risk, with only those who swapped on the platform within the last four days being affected. DeFi Llama's @0xngmi has published a list of contracts across all chains that should be revoked, and they built a tool to check if any of your addresses have been impacted. The Block Research Analyst Kevin Peng reveals that so far, 190 Ethereum addresses have approved the problematic contract. However, more than 2000 addresses on Layer 2 Arbitrum have seemingly approved the bad contract.
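The kind of check such a tool performs can be sketched from ERC-20 Approval event logs. The following is an added example, not code from DeFi Llama or SushiSwap: it replays Approval logs in chain order and reports which owners still have a non-zero approval to a given spender. The spender address is a placeholder to be replaced with an entry from the published revoke list, and all logs are constructed.

```python
# Added example; every address and log entry below is constructed sample data.
# keccak256("Approval(address,address,uint256)"): the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

SPENDER = "0x" + "ab" * 20   # placeholder, NOT the real RouterProcessor2 address
TOKEN = "0x" + "11" * 20     # constructed token contract
ALICE = "0x" + "a1" * 20     # constructed token owners
BOB = "0x" + "b0" * 20
OTHER = "0x" + "cd" * 20     # unrelated spender
UNLIMITED = 2**256 - 1


def topic_to_address(topic):
    """Indexed address topics are 32 bytes, left-padded: keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()


def outstanding_approvals(logs, spender):
    """Return {(token, owner): amount} for approvals to `spender` never reset to 0.

    Approval events do not record spending through transferFrom, so the amount
    is an upper bound; confirm with the token's allowance() before acting.
    """
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        amount = int(log["data"], 16) if len(log["data"]) > 2 else 0
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = amount
    return {key: amount for key, amount in latest.items() if amount > 0}


def make_log(block, index, owner, spender, amount):
    """Constructed log shaped like an eth_getLogs entry, with numbers as ints."""
    pad = lambda addr: "0x" + "0" * 24 + addr[2:]
    return {"address": TOKEN, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}


SAMPLE_LOGS = [
    make_log(102, 1, BOB, SPENDER, 0),            # Bob later revokes
    make_log(100, 0, ALICE, SPENDER, UNLIMITED),  # Alice: unlimited, never revoked
    make_log(101, 3, BOB, SPENDER, 5000),         # Bob approves
    make_log(103, 0, BOB, OTHER, UNLIMITED),      # different spender, ignored
]
```

With the sample logs, only Alice's unlimited approval is reported for the placeholder spender, because Bob's later zero-value approval revokes his earlier one.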

Response from SushiSwap Head Chef Jared Grey:

Grey tweeted that SushiSwap is working with security teams to mitigate the issue. He is also seeking a $3 million legal defense fund from Sushi DAO after the platform was hit with a subpoena from the U.S. Securities and Exchange Commission.

Takeaways:

  • Decentralized exchanges are not immune to hacks and exploits.
  • Always be careful when approving contracts on DeFi platforms.
  • Revoking contracts is necessary to prevent future attacks.

Conclusion:

SushiSwap's recent exploit highlights the importance of taking necessary precautions when using DeFi platforms. SushiSwap Head Chef Jared Grey's recommendation to revoke the RouterProcessor2 contract on all chains is crucial to prevent similar attacks from happening in the future. It is essential to stay vigilant and practice safe trading habits to prevent loss of funds due to cyberattacks.

Hey, it's CryptoPatel here!
