Uniswap investor Paradigm to rescue Sushi platform with $350 million! Community members: Ethereum has the friendliest community
The BitDAO initiated by the Bybit exchange conducted a token issuance on the MISO platform of SushiSwap on 8/16. Venture capital firm Paradigm research partner Samczsun discovered a $3.5 billion vulnerability in the Dutch auction contract and collaborated with several white hat hackers to eliminate the risk of about 109,000 ETH being attacked.
Samczsun further commented on Twitter that this could possibly be the "largest white hat hacker rescue operation in history."
Table of Contents
A $350 Million Contract Bug
Samczsun pointed out in his post that during a series of contract audits, such as submitting functions, reviewing auction management functions, and access control, he found that "InitMarket" and "initAuction" lacked access control and found it hard to believe that the SushiSwap team would make such an obvious mistake.
Samczsun stated that the bug allowed an attacker to repeatedly participate in auctions with the same Ethereum coin for free bids, and any transactions exceeding the token auction cap would be refunded without canceling the transaction. Even if the auction reached the cap, the contract would not reject the transaction.
If this attack method were repeated, it would deplete all assets in the contract, amounting to $350 million.
Rescue Operation
Samczsun contacted SushiSwap development team members Joseph Delong, Mudit, Keno, Omakase, as well as Paradigm members Dan Robinson, Georgios, and others to participate in the rescue operation.
Their rescue plan included:
- Ignore the contract and hope no one discovers the bug
- Rescue funds through the bug, possibly using Flashbots to hide transactions
- Buy all unsold tokens and immediately complete the auction, requiring administrator permissions
After discussion, option three was deemed feasible. Although they encountered many problems during the process, they ultimately decided to set up a whitelist during the auction to verify if the contract had enough Ethereum to match. In case someone attempted to exploit the bug, it would detect if someone sent more Ethereum than the contract assets and cancel the transaction.
The auction was successfully completed in the end. Samczsun mentioned that it took him half an hour to discover the bug, 20 minutes to contact the team, 30 minutes to discuss, and fixed the bug within 3 hours. In just 5 hours, he saved $350 million, but he emphasized that he hoped the bug had never existed in the first place.
He stressed that as code repositories become more complex, the combination of multiple security mechanisms may actually lead to bugs and thanked all participants in this incident.
Ethereum's Friendly Ecosystem
Paradigm had invested in Uniswap as early as 2019, and although SushiSwap is its competitor, Paradigm still provided assistance when a bug that could lead to a large-scale attack was discovered.
AG, the Asia lead of SushiSwap, also expressed an "unofficial" opinion:
Thanks to Samczsun. Former Uniswap founder Hayden once said that Ethereum is the friendliest community he has ever seen, where everyone is willing to help rather than just compete with each other. Now SushiSwap truly experiences this feeling.
However, SushiSwap has not commented on the bug. Hayden retweeted Samczsun's post on Twitter and stated that the path of v3 completely avoids this same bug.
Related
- PayPal Stablecoin Market Value Plunges by 40%, How Will DeFi Maintain User Focus After the Big Sell-Off
- MakerDAO renamed to Sky: Behind the Scenes! Account with a six-figure USD value almost fell into the hands of hackers.
- Solana-based derivative trading platform Drift launches prediction market BET, can holding bets also generate profits?