SushiSwap Denies White Hat Hacker’s Billion Dollar Security Vulnerability Report

The developer of SushiSwap has denied that the platform has a vulnerability that was reported by a white hat hacker while studying the code of his smart contracts.

Is this rebuttal by SushiSwap credible?

According to the report, hackers identified a vulnerability that could result in more than $ 1 billion in user funds being stolen. After the hacker was discovered, he contacted the developers at SushiSwap, but the team does not appear to have any intention of taking any action.

Hackers claim to have identified a vulnerability in the emergency withdrawal function of two SushiSwap contracts, MasterChefV2 and MiniChefV2. While this functionality allows liquidity providers to get their LP tokens instantly in the event of an emergency, the hacker claims that the feature will not be available if there are no rewards stored in the SushiSwap pool. . As a result, liquidity providers have to wait around 10 hours for the pool to be manually reloaded before they can withdraw tokens.

“It can take about 10 hours for all signatories to agree to fund the premium account. Not to mention the fact that some reward pools are empty several times a month, ”said the hacker. “SushiSwap’s non-Ethereum implementation and double rewards (all with vulnerable MiniChefV2 and MasterChefV2 contracts) total over $ 1 billion. This means that this value is practically unavailable for 10 hours several times a month. “

However, the developer of SushiSwap reached out to Twitter to refute claims that the platform was vulnerable. The platform’s Shadowy Super Coder developer Mudit Gupta emphasized that the threat described is not a weak point and that no funds are at risk. Gupta made it clear that anyone can replenish the pool’s rewards in an emergency, largely bypassing the 10-hour multi-sig process that the hacker claims to replenish the rewards.