As token price rises and reputation mends, Sushiswap foils midnight exploit

Published at: Nov. 29, 2020

As exploits and hacks run rampant across the DeFi ecosystem, at least one project appears to have fended off the worst of an attack — the once-maligned “vampire” AMM (automated market maker) exchange Sushiswap. 

Observers noticed last night that Sushiswap — which got its start leeching liquidity from rival AMM Uniswap — was experiencing an exploit, and that anonymous head developer 0xMaki was taking steps to mitigate it:

Possible @SushiSwap exploit found? @0xMaki sends exploiter a tx with a message to collect bug bounty. See below tx with message from 0xMaki https://t.co/1MdXqw9chq Exploiters address: https://t.co/ehh7EassCo @DefiantNews pic.twitter.com/fRpdA1j7y1

— JuanSnow (@Juan_Snow1) November 29, 2020

Reports from the Sushiswap Discord channel now indicate that the exploit has been resolved, and that all lost user funds (between $10,000 and $15,000) will be covered by the Sushiswap treasury. 

To gain a better understanding of the exploit and what it means for Sushiswap, Cointelegraph spoke to one of the smart contract engineers whom 0xMaki personally thanked on Twitter for helping to mitigate its effects: self-described “DeFi degen” and Solidity developer ‘andy.’

Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap. LP - xSushi holders are safe! It is a fascinating one thanks @andy8052 @danielque & sushi core devs for the quick reaction and help. More soon! https://t.co/QmhNMTP28L

— 0xMaki 源 義経 (@0xMaki) November 29, 2020

According to andy, 0xMaki contacted him at 10pm EDT. 

“He (0xMaki) said there was some weirdness going on but was unsure what it was. We spent about 1 hour in a discord call going through transactions until we figured out what the exploit was.”

Andy explained that the attacker wrapped liquidity pool tokens and deployed them to a new pool, allowing the attacker to execute “really weird logic to pull the underlying tokens from the reward contract.”

The affected contracts were patched within hours, and according to 0xMaki the auditing firm PeckShield will be reviewing the changes.

Adding a layer of intrigue, 0xMaki and the Sushiswap team attempted to communicate with the exploiter as they searched for a solution, sending a short message to the exploiter’s address:

“I see you, we are working on fixing it. Contact me on Discord for a bug bounty - 0xMaki,” the message read.

Similar messages have been a feature of many recent hacks and exploits, including Value DeFi’s flash loan exploit, where the exploiter taunted the team (and later returned some of his ill-gotten proceeds to a victim claiming to be a nurse), and the earlier dForce hack, where the attacker returned funds with a note looking to the future.

andy, however, doesn’t think it’s the beginning of a wider trend.

“I don't see it turning into anything just cause it is expensive and inefficient,” he said.

The quick fix may also be a sign that Sushiswap’s wider fortunes are on the rise. Sushiswap’s arrival on the scene, its founder’s exit scam, and the eventual return of the ‘rugpulled’ funds made up one of the messiest stories of the wild DeFi summer.

With the passage of time, however, the market is once again showing signs of faith in Sushiswap. The price of the exchange’s SUSHI governance token is up over 100% on the month.

For his part, andy’s faith never wavered, and the response to the attack is just another sign of the new Sushi team’s competence.

“They have been heads down working super hard. Just look at all the cool stuff they have released and are working on. It definitely doesn't hurt my view of them but also didn't really change much for me personally as I already thought pretty highly of the team.”