SushiSwap Denies White Hat Hacker’s Billion Dollar Security Vulnerability Report

The developer of SushiSwap has denied that the platform has a vulnerability that was reported by a white hat hacker while studying the code of his smart contracts.

Is this rebuttal by SushiSwap credible?

According to the report, hackers identified a vulnerability that could result in more than $ 1 billion in user funds being stolen. After the hacker was discovered, he contacted the developers at SushiSwap, but the team does not appear to have any intention of taking any action.

Hackers claim to have identified a vulnerability in the emergency withdrawal function of two SushiSwap contracts, MasterChefV2 and MiniChefV2. While this functionality allows liquidity providers to get their LP tokens instantly in the event of an emergency, the hacker claims that the feature will not be available if there are no rewards stored in the SushiSwap pool. . As a result, liquidity providers have to wait around 10 hours for the pool to be manually reloaded before they can withdraw tokens.

“It can take about 10 hours for all signatories to agree to fund the premium account. Not to mention the fact that some reward pools are empty several times a month, ”said the hacker. “SushiSwap’s non-Ethereum implementation and double rewards (all with vulnerable MiniChefV2 and MasterChefV2 contracts) total over $ 1 billion. This means that this value is practically unavailable for 10 hours several times a month. “

However, the developer of SushiSwap reached out to Twitter to refute claims that the platform was vulnerable. The platform’s Shadowy Super Coder developer Mudit Gupta emphasized that the threat described is not a weak point and that no funds are at risk. Gupta made it clear that anyone can replenish the pool’s rewards in an emergency, largely bypassing the 10-hour multi-sig process that the hacker claims to replenish the rewards.

“The hacker’s claim that you can use more LP to withdraw rewards faster is wrong. The reward per LP goes down as you add more LPs, ”they added.

Hackers said they were instructed to report vulnerabilities on the Immunefi bug bounty platform – where SushiSwap offers rewards of up to $ 40,000 to users who report risky vulnerabilities in their code – after first contacting the exchange to have. They found that the issue on Immunefi was closed without compensation and SushiSwap only announced that they were aware of the described issue.

Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews

mango

According to Cointelegraph

Follow the Youtube Channel | Subscribe to telegram channel | Follow the Facebook page

Annie

Championing positive change through finance, I've dedicated over eight years to sustainability and environmental journalism. My passion lies in uncovering companies that make a real difference in the world and guiding investors towards them. My expertise lies in navigating the world of sustainable investing, analyzing ESG (Environmental, Social, and Governance) criteria, and exploring the exciting field of impact investing. "Invest in a better future," I often say. That's the driving force behind my work at Coincu – to empower readers with knowledge and insights to make investment decisions that create a positive impact.