SushiSwap developer denies $1bn bug
Representatives of one of the largest decentralized cryptocurrency exchanges, SushiSwap, denied the white hacker's statement about a bug that could cause damage to the platform in the amount of more than $1 billion.
The hacker told the media that he had discovered a vulnerability that threatens the funds of DEX users, while one of the project developers denied the existence of the bug. Shortly thereafter, information about the potential error was made public, and all attempts by the hacker to contact the team had previously been unsuccessful.
The programmer stated that the detected error was associated with a problem with the functionality of the urgent withdrawal of funds in the MasterChefV2 and MiniChefV2 contracts. They, in turn, are responsible for regulating DEX double reward farms and non-Ethereum pools deployed within it. For example, Avalanche, Polygon, and Binance Smart Chain.
The hacker said that an emergency withdrawal of money allows liquidity providers to demand tokens, losing rewards, in the event of an exchange emergency. But due to a bug, this function simply will not work if necessary, if at that time the SushiSwap pool does not contain a sufficient amount of remuneration for suppliers. This will force the latter to forcibly wait for the period of filling the pool in manual mode, which, according to preliminary estimates, takes about 10 hours until the providers finally manage to withdraw tokens. At the same time, according to the hacker, the problem is that the reward pools are emptied twice a month.
DEX deployments without ETH and double rewards involving vulnerable contracts are valued at over $1 billion in total. In other words, in the event of an emergency, the withdrawal of such a colossal amount of funds is blocked for a period of about 10 hours twice a month. This makes the already unpredictable situations even more dangerous for liquidity providers.
Security specialist and blockchain developer SushiSwap, Mudit Gupta, stated on his Twitter account that the marketplace is not in danger. He also added that in the last month alone, they received over 100 vulnerability claims, none of which were confirmed. All of them were shared with DEX employees through the Immunefi bug-detecting platform, which guarantees a $40,000 payout for exploits. The question of the white hacker regarding vulnerability per billion was also closed there earlier. Since the team declared no error, he received no monetary reward.
If you decide to try your hand at the world of cryptocurrencies, do it with a trusted and reliable partner - HUOBI
Coin Shark is not responsible for the content, accuracy, quality, advertising, products or any other content posted on the site. This article is for informational purposes, prepared on the basis of materials and information from open sources. Cryptocurrency is a high-risk asset, investments in it can lead to losses. Readers should do their own research before taking any action.