The decentralized exchange SushiSwap narrowly avoided becoming the latest DeFi hack victim thanks to the help of a white hat hacker.
A security researcher at the venture capital firm Paradigm, known on Twitter as Samczsun, saved SushiSwap from a potential loss of 109,000 Ether (ETH).
In a blog post published on Tuesday, the researcher described how he began reviewing the smart contract code for the BitDAO token sale on Miso, SushiSwap's token launchpad.
On closer inspection, he found that some functions in the Miso Dutch auction contract lacked access controls.
“I did not truly expect it to be a vulnerability, however, as I did not anticipate such an obvious mistake from the Sushi team.”
Following further research, the white hat identified a vulnerability that, if exploited, could have let a malicious actor drain all the crypto assets held in the token auction contract. An attacker could batch multiple contract calls while reusing the same ETH for each of them, obtaining a “free offer at the auction.”
Before contacting colleagues Georgios Konstantopoulos and Dan Robinson, Samczsun confirmed the vulnerability with a successful test exploit and double-checked the results. He also found that an attacker could steal the contract's funds by committing more ETH than the auction's hard cap and then claiming a refund.
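To show the bug class described above from a defender's perspective, here is an added illustration (not Miso's or SushiSwap's code) of how a payable batch helper that forwards sub-calls with delegatecall lets one msg.value be credited several times, beside a hardened form that refuses value in batches and checks a balance invariant. The contract and function names are constructed for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed illustration: delegatecall keeps the outer call's context,
// so every sub-call sees the SAME msg.value even though ETH arrived once.
contract VulnerableAuction {
    mapping(address => uint256) public commitments;
    uint256 public totalCommitted;

    function commitEth() public payable {
        // Credits msg.value per call, but the balance grew only once.
        commitments[msg.sender] += msg.value;
        totalCommitted += msg.value;
    }

    // Payable batch: N encoded commitEth() calls with 1 ETH attached
    // credit N ETH to the caller while the contract only holds 1 ETH.
    function batch(bytes[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "sub-call failed");
        }
    }
}

// Hardened form: the batch helper is not payable, so msg.value is zero
// inside every delegatecall, and a post-condition ties credited ETH to
// the ETH the contract actually holds (defense in depth).
contract HardenedAuction {
    mapping(address => uint256) public commitments;
    uint256 public totalCommitted;

    function commitEth() public payable {
        require(msg.value > 0, "no value");
        commitments[msg.sender] += msg.value;
        totalCommitted += msg.value;
        // Invariant: never credit more ETH than is on the contract.
        require(totalCommitted <= address(this).balance, "overcredit");
    }

    // Not payable: a value-bearing batch transaction reverts, and batched
    // commitEth() sub-calls fail their msg.value > 0 check.
    function batch(bytes[] calldata calls) external {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "sub-call failed");
        }
        require(totalCommitted <= address(this).balance, "overcredit");
    }
}
```

Any payable function reachable through a delegatecall loop deserves the same review: either the loop must not carry value, or the value must be accounted for once for the whole batch.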
“My vulnerability has suddenly increased significantly. I didn’t deal with a bug that would allow other participants to outbid you. I’ve been watching a $350 million bug.”
It was then time to contact Joseph Delong, SushiSwap's technology manager, to draw up a rescue plan before the exploit became public. The decision was made to end the auction manually by buying up the remaining allotments, concluding the process immediately and securing the funds of the BitDAO team, which was running the token sale.
SushiSwap noted that no funds were lost in the recovery effort and added that it will pause use of its Dutch auction format until the smart contract can be updated. Crypto community member DCinvestor commented:
“Everyone knows that Paradigm has huge UNI/Uniswap bags, but Sam from their team just helped save SushiSwap from a bug. This is the ethos of the space among the best players.”
The BitDAO token sale went off without a hitch and, according to a tweet from the protocol, raised more than 112,000 ETH, valued at approximately $336 million, from 9,200 participants on Thursday.