SushiSwap is back. It’s been a long time since we last talked about a bug exploit, the kind of vulnerability exploitation that is unfortunately all too common in decentralized finance (DeFi). The scandal of the day occurred in the pools of the decentralized exchange (DEX) SushiSwap.
As the crypto media outlet Rekt explains, a hacker discovered and exploited a loophole in a low-liquidity pool on SushiSwap.
Specifically, this is the pool for the DIGG token of the Badger DAO project. The hacker was thus able to take for himself all the transaction fees generated in this pool over 24 hours, fees that all the liquidity providers in the pool would normally have shared.
With just 0.001 ether (or $1.31), the hacker managed to steal 81.68 ether for himself, worth just over $107,000 at the current price!
As the transaction in question shows, the individual converted their small initial stake in ether into DIGG tokens and then into Wrapped BTC (WBTC, the Ethereum token version of BTC) before converting the proceeds back into Wrapped ETH.
A “small” warning for SushiSwap’s billions in liquidity?
However, Rekt explains that this was an old bug for which a fix had already been developed.
The problem is that this update had to be “manually applied to each new pool”, and the DIGG/WBTC pool we are talking about today obviously did not receive it in a timely manner.
But the situation could have been much more dramatic, according to Rekt:
“Upon further investigation, we found that the damage during this exploit was contained and what was seen as a threat to the entire SushiSwap protocol was simply the work of a clever scavenger, gathering crumbs that were still available.”
The conversation the Rekt team had with SushiSwap on Discord wasn’t reassuring. They say they won’t automate the application of the patch, so the risk of a forgotten pool is very high.
However, today’s incident should have served as a warning, because as Rekt explains:
“This story reminds us that the logs are constantly monitored by hackers (…) who follow their every move and try to steal their bags (…).”
Unfortunately, there’s little chance this new exploit will be the last we’ll tell you about in this fledgling DeFi sector. Let’s hope future ones stay contained and that the ever-larger sums held in these decentralized protocols are not disastrously affected.