SushiSwap Hack: More than $3.3M Lost, Head Chef Recommends Revoking RouterProcessor2 Contract
What we will cover in this article 👇
- Introduction
- How the Exploit Occurred
- To Yoink or Not to Yoink?
- How Many Users are Affected?
- Response from SushiSwap Head Chef Jared Grey
- Takeaways
- Conclusion
Introduction:
Decentralized exchange SushiSwap was hit by an exploit that led to the loss of more than $3.3 million from at least one user. The attack involved an approve-related bug on the RouterProcessor2 contract, prompting SushiSwap Head Chef Jared Grey to recommend revoking it on all chains.
How the Exploit Occurred:
According to Ancilia, Inc., the root cause is a bug in the internal swap() function. This function calls swapUniV3(), which sets the variable "lastCalledPool" at storage slot 0x00. Later, in the swap3callback function, the permission check is bypassed, allowing an unauthorized entity to steal tokens from users who have unknowingly approved the bad contract.
To Yoink or Not to Yoink?
The attack vector is a bug in the "approve" mechanism of the SushiSwap router contract. The exploit allows an unauthorized entity to "yoink" tokens without proper approval from the token owner. Following the first attack for 100 ETH, another hacker came along and stole another 1800-ish ETH using the same contract but named their function "notyoink."
How Many Users are Affected?
Early reports suggest that not many SushiSwap users are at risk, with only those who swapped on the platform within the last four days being affected. DeFi Llama's @0xngmi has published a list of contracts across all chains that should be revoked, and they built a tool to check if any of your addresses have been impacted. The Block Research Analyst Kevin Peng reveals that so far, 190 Ethereum addresses have approved the problematic contract. However, more than 2000 addresses on Layer 2 Arbitrum have seemingly approved the bad contract.
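To show what such an approval check involves, here is an added example (not code from SushiSwap, DeFi Llama or the original article) that replays ERC-20 Approval logs and lists the owner and token pairs that still have a non-zero allowance to a flagged spender. The spender address, token and owner addresses and the log entries are constructed placeholders; only the Approval event signature hash is a real value.

```python
# Added example: find ERC-20 approvals to a flagged spender that were never revoked.
# Every address and log entry below is a constructed placeholder.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Placeholder: substitute the RouterProcessor2 address for the chain being checked.
FLAGGED_SPENDER = "0x" + "ab" * 20
TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, OTHER = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "cd" * 20
MAX_UINT256 = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Return {(token, owner): amount} for approvals to `spender` not yet revoked."""
    latest = {}
    # Replay in chain order so a later approve(spender, 0) overrides an earlier grant.
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 emits the same signature with a fourth indexed topic; skip those.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    # Logs record approve() calls only; many tokens lower the allowance on
    # transferFrom without an event, so confirm with allowance(owner, spender).
    return {pair: amount for pair, amount in latest.items() if amount > 0}

def make_log(token, owner, spender, amount, block, index):
    """Build a constructed Approval log shaped like an eth_getLogs entry."""
    pad = lambda addr: "0x" + "00" * 12 + addr[2:]
    return {"address": token, "blockNumber": block, "logIndex": index,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x")}

SAMPLE_LOGS = [  # deliberately out of order to exercise the sort
    make_log(TOKEN_A, BOB, FLAGGED_SPENDER, 0, 105, 0),        # Bob revokes
    make_log(TOKEN_A, ALICE, FLAGGED_SPENDER, MAX_UINT256, 100, 2),
    make_log(TOKEN_A, BOB, FLAGGED_SPENDER, 500, 101, 0),
    make_log(TOKEN_B, ALICE, OTHER, 7, 102, 1),                # unrelated spender
    make_log(TOKEN_B, BOB, FLAGGED_SPENDER, 1000, 103, 4),
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS, FLAGGED_SPENDER).items():
        print(f"revoke: owner={owner} token={token} allowance={amount}")
```
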
Response from SushiSwap Head Chef Jared Grey:
Grey tweeted that SushiSwap is working with security teams to mitigate the issue. He is also seeking a $3 million legal defense fund from Sushi DAO after the platform was hit with a subpoena from the U.S. Securities and Exchange Commission.
Takeaways:
- Decentralized exchanges are not immune to hacks and exploits.
- Always be careful when approving contracts on DeFi platforms.
- Revoking approvals for the affected contract is necessary to prevent future attacks.
Conclusion:
SushiSwap's recent exploit highlights the importance of taking necessary precautions when using DeFi platforms. SushiSwap Head Chef Jared Grey's recommendation to revoke the RouterProcessor2 contract on all chains is crucial to prevent similar attacks from happening in the future. It is essential to stay vigilant and practice safe trading habits to prevent loss of funds due to cyberattacks.
Hey, it's CryptoPatel here!