The new DEFI platform enters the market! Earn passively - token sale 0.25 $ I'm going in!

White hat rescues SushiSwap $350 by finding ‘obvious’ exploit

3 min reading

The security researcher recently found an imperfection in a Dutch auction smart contract that could have ended up with a loss of 109,000 ETH. The SushiSwap decentralized exchange has slightly ignored turning into the latest DeFi hack thanks to the help from a white hat hacker.

A security researcher from venture capital firm paradigm famously known on twitter as “samczsun” has ended up protecting SushiSwap and its MISO platform for a potential danger of as much as 109,000 ETH. In a blog post published on Aug. 17, the programmer explained how he started to learn about the smart contract code for the BitDAO token sale at SushiSwap’s token launchpad platform, MISO. “Just pulled off maybe the biggest Whitehat rescue ever. Story time soon” said samczsun. 

On noticing it from a closer perspective he found a mistake in the MISO Dutch auction contract while on the other hand some of the other functions lacked access controls. “I didn’t really expect this to be a vulnerability though, since I didn’t expect the Sushi team to make such an obvious misstep.” After a more detailed investigation, the White hat realized a vulnerability that if exploited it could end up with all the crypto assets in the token auction contract being used by a useless actor. An attacker could use It again with same ETH again and again to batch various calls to the contract and “bid in the auction for free.” 

Samczsun tested the weakness with an exploit before contacting colleagues Georgious Konstantopoulos and Dan Robinson to study it and further check the findings. He also learned that a hacker could steal the funds from the contract by initiating a refund by sending a higher amount of ETH than the auction hard cap. “Suddenly, my little vulnerability just got a lot bigger. I wasn’t dealing with a bug that would let you outbid other participants. I was looking at a 350-million-dollar bug.” 

“Everyone knows paradigm has big UNI/Uniswap bags, but Sam from their team just helped save SushiSwap (an ostensible competitior) from a critical bug. This is the ethos of the space among the best actors.” 

Currency Exchange rate Buy cryptocurrency

Buy crypto now

Dear customer,

We use cookies to provide our services correctly and safely. Cookies are small text-based data sets that shall be saved on the device you are using in connection with the use of this instnat website. Cookies are created in order to ensure proper functioning of thes instant website. By clicking the button "I accept and go to the website", you implicitly agree to creation of the cookies on your computer and to deploy automatic tracking and data collection and processing on behalf of the Lushup Holdings FZ LEE. Click the above-captioned button is also tantamount to accepting website's privacy policy. Closing the notification by means of "X" is unequivocally connected with your consent. If you do not agree to any of the above, please discontinue using our Website.

“Cookies” shall make an identification of the software used by you and to customization of this instant website to your needs. Cookies contain the name of the domain from which they origin, duration of period of their storage on your computer and an assigned value.

Third party cookies:
We also use third-party cookies for the following purposes:

  • creating statistics - helping to understand the way Users use the Website, which allows to improve its structure and content with use of the analytical tools
  • defining a user profile - in order to display custom-tailored content in advertising networks.

External entities that might be source of any third-party cookies on this instant Website are as follows:

Using a settings of your web browser or by using pre-set configuration tools available in our service you can independently and at any time change the settings concerning your use of the “cookies”, specifying the conditionsof their storage and how your device is creating and downloading them. These settings can be changed to block the automatic handling of cookies in the settings of your web browser or inform about their placement on your device each time.

Detailed information about the options related to use of “cookies” is available in the settings of your software (web browser).

Service privacy policy

This instant document lays out the principles of the Privacy Policy on the website (hereinafter referred to as the "Website" or "Service"). The administrator of the Website is Lushup Holdings FZ LEE, Fujairah - Creative Tower, P.O.Box 4422 Fujairah, United Arabs Emirates.

The full document to read the Tokeneo privacy policy is available in this document.

Advanced settings can be changed in your browser.