As cryptocurrencies become more and more popular, new crypto projects and exchanges are making their way into the industry. In one way, this is a healthy development for the fast-growing crypto sector, as it is becoming more inclusive in nature, and enjoys more room for growth and development. However, at the same time, it also paves the way for more systematic vulnerabilities and fraudulent activities on multiple exchanges.
Recently, there have been many reported incidents of such ransomware attacks and hacking attempts on different servers. Many of these attacks were conducted through a bug or loophole in the network, and they caused heavy losses to the network as well as its users. As exchanges continue to fight their way out of these issues, such incidents can seriously hurt the credibility of the ecosystem and dent the performance of the native coins of these exchanges.
The billion dollar bug fiasco for SushiSwap
In a recent development, there was a reported hacking attempt on the popular decentralized exchange, SushiSwap. The hackers claimed that they had spotted a bug in the SushiSwap network that would endanger almost $1 billion worth of user funds on the network. Reportedly, hackers found a systematic loophole within the ‘emergencyWithdraw’ function in two of SushiSwap’s smart contracts. These two smart contracts were named MasterChefV2 and MiniChefV2. Also, these smart contracts were responsible for SushiSwap’s reward programs and pools of non-Ethereum deployments.
However, the team of developers behind the SushiSwap exchange categorically denied any such reported vulnerabilities, and claimed that the system’s smart contracts are working normally without any inconvenience. The pseudonymous developer tweeted that no funds are at risk, and the identified threat is not at all a vulnerability. They further added that, ‘the hacker’s claim that someone can put in a lot of LP to drain the rewarder faster is incorrect. Reward per LP goes down if you add more LP.’
This is not a vulnerability. No funds at risk. If rewarder runs out of rewards, withdrawing LP will fail but anyone (not just sushi) can top up the rewarder in an emergency.
Sushi can also just remove the rewarder.
— Mudit Gupta (@Mudit__Gupta) September 23, 2021
Nonetheless, the hackers said that they were instructed to report the vulnerability on the bug bounty platform Immunefi, as SushiSwap was offering up to $40,000 to anyone who reported a bug in their code on the platform. However, it was noticed that the issue was reported as resolved on Immunefi without any rewards. SushiSwap is of the view that they are well aware of the matter reported, and that it is not a vulnerability or a bug in the network’s code.