• bitcoinBitcoin$24,117.004.16%
  • ethereumEthereum$1,796.325.30%
  • ElrondElrond$67.041.07%

White Hat May Save SushiSwap $350M by Finding “Obvious” Exploit

A white-hat hacker has just helped SushiSwap from being the latest DeFi hack victim, saving SushiSwap and its MISO platform from potential losses of 109,000 ETH.

The programmer talked in a blog post published yesterday about how he began to examine the smart contract code for the BitDAO token sale at SushiSwap’s token launchpad platform, MISO.

As he was taking a look, he noticed a flaw in the MISO Dutch auction contract in which some functions didn’t have access controls.

“I didn’t really expect this to be a vulnerability though, since I didn’t expect the Sushi team to make such an obvious misstep.”

But taking a closer look, the white hat noticed a vulnerability that, if it had been exploited, would have led to all of the crypto assets in the token auction contract being drained by a bad actor. The attacker could have reused the same ETH repeatedly in order to batch several calls to the contract and “bid in the auction for free.”

Samczsun then ran a test on that vulnerability and enjoyed success. He then asked colleagues Georgios Konstantopoulos and Dan Robinson to also take a look and double-check this. He further found out that a hacker could have stolen funds from the contract by triggering a refund by sending a higher amount of Ethereum than the auction hard cap.

“Suddenly, my little vulnerability just got a lot bigger. I wasn’t dealing with a bug that would let you outbid other participants. I was looking at a 350 million dollar bug.”

He then decided to let Joseph Delong, the CTO of SushiSwap, create a rescue plan before the exploit was publicly available.

SushiSwap confirmed that no funds were lost during the salvage effort.

Source: Cointelegraph.com

Previous articleNext article

Leave a Reply

Your email address will not be published.