How a hacker saved 109,000 ETH from a SushiSwap contract


Samczsun, a white hat hacker at Paradigm Investments, reported what may be the most significant rescue ever for the SushiSwap protocol, the Ethereum ecosystem and possibly the entire web.

Samczsun stated in a post that he discovered and fixed a vulnerability that could have potentially affected more than $350,000,000, or 109,000 ETH, held in a SushiSwap contract on its MISO platform. After learning that a new auction was being held on the platform, the white hat hacker examined and repaired the contract.

MISO uses two types of auction: batch and Dutch. Samczsun was reviewing the DutchAuction contract when he discovered that the initMarket and initAuction functions had no access controls. It was “extremely concerning”.

This was not something I expected to be a vulnerability. The Sushi team made a mistake that I didn’t expect. Indeed, the initAccessControls function validated the fact that the contract had not been initialized.

Samczsun said that the above, along with the use of BoringBatchable as a mixin library, made the contract more suspect. The hacker recognized the ingredients that led to an attack on another platform in 2020.

Samczsun was therefore able to recognize that SushiSwap was in danger. A malicious actor could exploit the vulnerability to batch multiple calls to the contract while sending only a fixed amount of ETH. This would effectively allow the attacker to “bid on the auction for free”.

Processing token payments required a separate transferFrom call on each loop iteration. Processing ETH payments simply checked that msg.value was sufficient. This allowed an attacker to reuse the exact same ETH multiple times.
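The accounting flaw described above, as an added Python model that is not the MISO contract code or code from the original post. The names Auction, HardenedAuction and accounting_gap are hypothetical, and the mitigation shown is one possible approach in this model, not the fix the Sushi team shipped.

```python
# Toy Python model (constructed, not MISO's Solidity) of ETH commitments
# made through a batch helper in which every sub-call sees the same msg.value.


class Auction:
    """Vulnerable model: each sub-call only checks msg.value is sufficient."""

    def __init__(self):
        self.balance = 0        # ETH the contract actually holds
        self.commitments = {}   # bidder -> ETH the contract believes was bid

    def _commit_eth(self, sender, amount, msg_value):
        if msg_value < amount:
            raise ValueError("msg.value too low")
        self.commitments[sender] = self.commitments.get(sender, 0) + amount

    def batch(self, sender, msg_value, amounts):
        self.balance += msg_value          # ETH arrives once per transaction
        for amount in amounts:             # but is checked again on every loop
            self._commit_eth(sender, amount, msg_value)


class HardenedAuction(Auction):
    """Hypothetical mitigation: the whole batch shares one msg.value budget."""

    def batch(self, sender, msg_value, amounts):
        if sum(amounts) > msg_value:
            raise ValueError("batch commits more ETH than was sent")
        super().batch(sender, msg_value, amounts)


def accounting_gap(auction):
    """Recorded commitments minus ETH held; anything above 0 is unbacked."""
    return sum(auction.commitments.values()) - auction.balance


def demo():
    weak, strong = Auction(), HardenedAuction()
    weak.batch("bidder", 1, [1, 1, 1, 1, 1])       # 1 ETH sent, 5 credited
    try:
        strong.batch("bidder", 1, [1, 1, 1, 1, 1])
        rejected = False
    except ValueError:
        rejected = True
    strong.batch("bidder", 1, [1])                  # honest single commitment
    return accounting_gap(weak), rejected, accounting_gap(strong)


if __name__ == "__main__":
    print(demo())
```

The accounting_gap invariant (recorded commitments never exceed ETH held) is the kind of property a reviewer or a fuzzing harness can assert after every batched call.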

SushiSwap has fixed a multi-million-dollar bug

Beyond bidding for free, a bad actor could also trigger a refund and steal funds from the SushiSwap contract. The attacker would only have needed to send ETH beyond the auction’s maximum limit. Samczsun said:

This was true even after the cap was reached. The contract would pay all your Ethereum instead of rejecting it.

Minutes after discovering the vulnerability, the white hat hacker set up a “poor-man’s mainnet command fork.” Samczsun was then able to verify that the contract would allow the attack.

After confirming the hypothesis, the white hat hacker reported it to Joseph Delong, SushiSwap’s CTO. He and other members of the protocol team coordinated a response to fix the bug. Samczsun, the team members and others “saved” the funds by purchasing the remaining pieces, and the auction was closed.

DC Investor, a community member, stated that the vulnerability was discovered and exploited by a hacker working for an investment firm with a large stake in Uniswap (the decentralized exchange that competes with SushiSwap). This says a lot about the “ethos” of the Ethereum ecosystem. DC Investor noted:

Paradigm discovered and fixed a vulnerability that could put over 109,000 ETH in danger. Everyone knows Paradigm has big UNI / Uniswap bags. But Sam from their team just saved SushiSwap (an obvious competitor) from a critical bug.

SUSHI trades at $12.50 as of this writing, with a 2.4% loss on the daily chart.

SUSHI moving sideways on the daily chart after the bug report was published. Source: SUSHIUSDT, TradingView

