A bug in a smart contract in the decentralized finance (DeFi) protocol SushiSwap led to losses of more than $3 million in the early hours of April 9, according to multiple security reports on Twitter.
Blockchain security firms CertiK Alert and PeckShield reported unusual activity related to the approval function in Sushi’s Router Processor 2 contract, a smart contract that aggregates trading liquidity from multiple sources and identifies the most favorable price for exchanging coins. Within a few hours, the bug caused losses of $3.3 million.
It seems that @SushiSwap RouterProcessor2’s contract has an approval related error, leading to a loss of >$3.3M (about 1800 eth) of @0xSifu.
If you have passed https://t.co/E1YvC6VZsP please *REVOKE* ASAP!
An example of tx hack: https://t.co/ldg0ww3hAN
— PeckShield Inc. (@peckshield) April 9, 2023
According to DefiLlama’s pseudonymous developer 0xngmi, the hack should only affect users who swapped on the protocol in the last four days.
Sushi’s lead developer, Jared Gray, urged users to revoke permissions for all contracts in the protocol. “Sushi’s RouteProcessor2 contract has an approval error, please revoke the approval as soon as possible. We are working with security teams to mitigate the issue,” he said. A list on GitHub of the contracts on different blockchains that require revocation has been created to address the issue.
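To illustrate the revocation advice above, here is an added example (not code from Sushi or from the original article) that scans ERC-20 Approval event logs for allowances still granted to a flagged spender and builds the approve(spender, 0) calldata that revokes them. The spender address is a placeholder, since the article does not give the contract address, and the sample logs are constructed.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
FLAGGED_SPENDER = "0x" + "ab" * 20  # PLACEHOLDER, not the real router address

def pad32(addr):
    """ABI-encode an address as a left-padded 32-byte hex word (no 0x)."""
    return addr[2:].lower().rjust(64, "0")

def topic_to_address(topic):
    """Indexed addresses occupy the low 20 bytes of a 32-byte topic."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, spender):
    """Map (token, owner) -> last approved amount, keeping non-zero ones."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        # ERC-20 Approval has exactly 3 topics; ERC-721 reuses the
        # signature with a 4th (indexed tokenId) and is skipped here.
        if len(t) != 3 or t[0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(t[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(t[1]))] = int(log["data"], 16)
    return {k: v for k, v in latest.items() if v > 0}

def revoke_calldata(spender):
    """Calldata for approve(spender, 0); the owner sends it to the token."""
    return "0x" + APPROVE_SELECTOR + pad32(spender) + "0" * 64

# Constructed sample data (addresses and logs are made up for the example).
TOKEN_A, TOKEN_B = "0x" + "a1" * 20, "0x" + "b2" * 20
OWNER, OTHER = "0x" + "c3" * 20, "0x" + "d4" * 20
MAX = "0x" + "f" * 64

def mk(token, spender, amount, block):
    return {"address": token, "data": amount, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, "0x" + pad32(OWNER), "0x" + pad32(spender)]}

SAMPLE_LOGS = [
    mk(TOKEN_B, FLAGGED_SPENDER, "0x0", 105),  # later revocation of TOKEN_B
    mk(TOKEN_A, FLAGGED_SPENDER, MAX, 100),    # still open
    mk(TOKEN_B, FLAGGED_SPENDER, MAX, 101),
    mk(TOKEN_A, OTHER, MAX, 102),              # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner), amount in open_allowances(SAMPLE_LOGS, FLAGGED_SPENDER).items():
        print(f"{owner} -> {token}: {hex(amount)}")
        print("  revoke:", revoke_calldata(FLAGGED_SPENDER))
```

Approval logs give an upper bound, because not every token emits Approval when transferFrom spends an allowance; confirm with the token's allowance(owner, spender) call before and after revoking.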
We have confirmed the recovery of more than 300 ETH of the stolen funds from CoffeeBabe of Sifu. We are in contact with the Lido team regarding 700 more ETH.
— Jared Gray (@jaredgrey) April 9, 2023
Hours after the incident, Gray took to Twitter to announce that “a large portion of the affected funds” had been recovered through a whitehat security process. “We have confirmed the recovery of more than 300 ETH of the stolen funds from CoffeeBabe of Sifu. We are in contact with the Lido team regarding a further 700 ETH.”
The Sushi community has had an intense weekend. On April 8, Gray and his attorney provided comments on the recent US Securities and Exchange Commission (SEC) subpoena.
“The SEC’s investigation is a non-public investigative inquiry seeking to determine whether there have been any violations of the federal securities laws. To the best of our knowledge, the SEC has not (as of this writing) reached any conclusion that anyone affiliated with Sushi has violated the federal securities laws of the United States,” he said.
Gray claims to be cooperating with the investigation. A legal defense fund was proposed in response to the subpoena on the Sushi governance forum on March 21.