Paradigm Investments’ white hat hacker samczsun reported the largest white hat rescue ever for the SushiSwap protocol, the Ethereum ecosystem and possibly the entire web.
I just completed the largest whitehat rescue ever. Soon, story time🔥
– samczsun (@samczsun) August 17, 2021
In a post, samczsun stated that he discovered and fixed a vulnerability that could have potentially affected more than $350,000,000, or 109,000 ETH, held in a SushiSwap contract. The exposure was through the MISO platform. After discovering that a new auction was being held on the platform, the white hat hacker examined and repaired the contract.
MISO uses two types of auction: batch and Dutch. While reviewing the DutchAuction contract, samczsun discovered that the initMarket and initAuction functions had no access controls. It was “extremely concerning”.
This was not something I expected to be a vulnerability. The Sushi team made a mistake that I didn’t expect. Indeed, the initAccessControls function validated the fact that the contract had not been initialized.
According to samczsun, the above, along with the use of BoringBatchable as a mixin library, made the contract more suspect. The hacker recognized the same ingredients that led to an attack on another platform in 2020.
This is how samczsun recognized that SushiSwap was in danger. A malicious actor could exploit the vulnerability to batch multiple calls to the contract while sending only a single fixed amount of ETH. This would effectively allow the attacker to “bid on the auction for free”.
Token payment processing required a separate transferFrom call on each loop iteration. ETH payment processing simply checked that msg.value was sufficient. This allowed attackers to reuse the exact same ETH multiple times.
SushiSwap has fixed a multi-million-dollar bug
Beyond bidding for free, a bad actor could also trigger a refund and steal the funds held in SushiSwap’s contract. The attacker would have only needed to send ETH beyond the auction’s maximum limit. samczsun said:
This was true even after the cap was reached. The contract would pay all your Ethereum instead of rejecting it.
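The accounting flaw described above, both the reused msg.value and the over-cap refund, can be reproduced in a small model. This is an added example, not code from MISO or from samczsun's write-up: the class, its fields and the "spend msg.value once per transaction" mitigation are assumptions made for illustration.

```python
import copy

class Revert(Exception):
    """Models an EVM revert: the whole transaction is rolled back."""

class AuctionModel:
    """Hypothetical toy auction whose ETH commit path trusts msg.value."""
    def __init__(self, cap, committed=0, hardened=False):
        self.cap = cap              # maximum total ETH the auction accepts
        self.committed = committed  # sum of recorded commitments
        self.balance = committed    # ETH actually held by the contract
        self.hardened = hardened

    def commit_eth(self, msg_value, tx):
        if self.hardened:
            # Assumed mitigation: each wei of msg.value is spendable once per transaction.
            if tx["unspent"] < msg_value:
                raise Revert("msg.value already consumed in this transaction")
            tx["unspent"] -= msg_value
        accepted = min(msg_value, self.cap - self.committed)
        self.committed += accepted
        refund = msg_value - accepted  # anything over the cap is paid back
        self.balance -= refund
        return refund

    def batch(self, msg_value, n_calls):
        """One transaction: ETH arrives once, yet every sub-call sees the same msg.value."""
        snapshot = copy.copy(self.__dict__)
        self.balance += msg_value
        tx = {"unspent": msg_value}
        try:
            return sum(self.commit_eth(msg_value, tx) for _ in range(n_calls))
        except Revert:
            self.__dict__.update(snapshot)  # a revert restores the prior state
            raise

def is_solvent(auction):
    """Invariant for tests or monitoring: commitments are backed by held ETH."""
    return auction.balance >= auction.committed

if __name__ == "__main__":
    open_auction = AuctionModel(cap=100)            # constructed sample values
    open_auction.batch(msg_value=10, n_calls=5)
    print(open_auction.committed, open_auction.balance, is_solvent(open_auction))
    full_auction = AuctionModel(cap=100, committed=100)
    print(full_auction.batch(msg_value=10, n_calls=5), full_auction.balance)
```

The `is_solvent` check is the kind of invariant a fork test or fuzzing harness can assert after every batched call sequence.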
Minutes after discovering the vulnerability, the white hat hacker set up a “poor-man’s mainnet command fork.” With it, samczsun was able to verify that the contract would allow the attack.
After the hypothesis was confirmed, the white hat hacker reported it to Joseph Delong, SushiSwap’s CTO. He and other members of the protocol team coordinated a response to fix the bug. Together, samczsun, the team members and others “saved” the funds by purchasing the remaining portion of the auction. The auction was then closed.
DC Investor, a community member, stated that the vulnerability was discovered and exploited by a hacker working for an investment firm. This hacker had a large stake in Uniswap (the decentralized exchange that competes with SushiSwap). This says a lot about the “ethos” of the Ethereum ecosystem. DC Investor noted:
Paradigm discovered and fixed a vulnerability that could put over 109,000 ETH in danger. Everyone knows Paradigm has big UNI / Uniswap bags. But Sam from their team just saved SushiSwap (an obvious competitor) from a critical bug.
SUSHI trades at $12.50 as of this writing, with a loss of 2.4% on the daily chart.