A critical vulnerability found on the decentralized exchange platform SushiSwap put over $350 million at risk before it was patched by developers last night, a report this morning showed.
It was discovered by ‘samczsun’, a pseudonymous security researcher at Paradigm, who quickly notified the Sushi developers of the bug and helped contain potential damage.
Examiner minutes, August 16. I found a critical vulnerability in SushiSwap’s MISO platform https://t.co/untzdxay7q
– samczsun (@samczsun) August 17, 2021
“Today I want to tell you how I found and fixed a vulnerability that put over 109,000 ETH (~USD 350 million at today’s exchange rate) at risk,” samczsun wrote, adding that the exploit involved protocols that were otherwise safe and flawless on their own, but their association was not.
SushiSwap and MISO
Powered by the SUSHI token, SushiSwap is an Ethereum-based decentralized exchange that enables users to trade, earn, farm income and borrow cryptocurrencies. As part of the expansion of its product range, the DEX recently launched the Minimal Initial Sushi Offering (MISO) program.
The BIT-ETH auction was successfully completed in a few hours with a maximum commitment size, which led to the conclusion and made the tokens immediately claimable.
~ 80M $ liquidity available on @SushiSwap 🥳 https://t.co/9ebAGZn2n1
– SushiChef (@SushiSwap) August 17, 2021
And what is MISO? It is a SushiSwap-based protocol that allows users and developers to start new projects and instantly list their tokens on the SushiSwap exchange. This arrangement enables SushiSwap to raise more capital and serve even more users.
The way MISO interacts with SushiSwap is where the vulnerability was found. “The MISO platform operates two types of auctions: Dutch auctions* and collective auctions*,” wrote samczsun. The researcher then checked the code and found contract code similar to that used by the team behind the decentralized options market Opyn, which had allowed hackers to reuse, multiple times, ETH that was sent to the contract.
“I realized that I was looking at exactly the same vulnerability in a different way,” said samczsun, adding:
“In a delegate call, msg.sender and msg.value are retained. This meant that I should be able to bundle multiple calls to commitEth and reuse my msg.value for each commitment so that I can bid on the auction for free.”
The bug would have resulted in any ETH sent over the hardcap of the auction being refunded.
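The msg.value reuse described in the quote above, as an added Python model that is not SushiSwap's or samczsun's code: the `Auction` class, the `batch` entry point and the amounts are assumptions made for illustration, and the guard shown is a general mitigation, not the fix the team deployed.

```python
# Simplified model (constructed for illustration) of an auction whose batch
# helper runs each sub-call in the caller's context, as a delegate call does:
# msg.sender and msg.value stay the same for every sub-call.

class Auction:
    def __init__(self, guard_value_reuse):
        self.balance = 0           # ETH actually held by the contract
        self.commitments = {}      # ETH credited to each bidder
        self.guard = guard_value_reuse
        self._unspent = 0          # msg.value not yet consumed in this tx

    def commitEth(self, sender, value):
        # Name taken from the article; the body is a stand-in for the real logic.
        # In this model it is only reached through batch().
        if self.guard:
            if value > self._unspent:
                raise ValueError("msg.value already consumed in this transaction")
            self._unspent -= value
        self.commitments[sender] = self.commitments.get(sender, 0) + value

    def batch(self, sender, value, n_calls):
        # Hypothetical batching entry point: ETH arrives once per transaction,
        # but every sub-call sees the same msg.value.
        snapshot = (self.balance, dict(self.commitments))
        self.balance += value
        self._unspent = value
        try:
            for _ in range(n_calls):
                self.commitEth(sender, value)
        except ValueError:
            # A failed sub-call reverts the whole transaction.
            self.balance, self.commitments = snapshot
            return False
        return True

    def solvent(self):
        # Invariant worth monitoring: credited commitments never exceed ETH held.
        return sum(self.commitments.values()) <= self.balance


def run(guard, n_calls):
    """Send 10 ETH once, batching n_calls commitments; return the resulting state."""
    a = Auction(guard)
    ok = a.batch("bidder", 10, n_calls)
    return ok, a.commitments.get("bidder", 0), a.balance, a.solvent()
```

Without the guard, three batched commitments are credited against a single deposit and the solvency invariant fails; with the guard, the second sub-call reverts the whole transaction.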
Core members of the SushiSwap team were immediately informed about the vulnerability and joined samczsun “within minutes” to fix the error. The team settled on one of three possible solutions: writing code to purchase the remaining allotment and immediately close the auction (a step that required administrator privileges).
(Footnote: Dutch auctions are a market structure in which the price of an offered asset is determined after all bids have been accepted in order to achieve the highest price at which the entire offer can be sold, while batch auctions refer to a collection of orders executed at the same time.)