SushiSwap denies reports of billion dollar bug

SushiSwap denies reports of billion dollar bug

A devs exchange has rejected a claim by a self-made white-hat hacker of a major security threat to sushi swap liquidity providers.

Sushi Swap, the developer behind the popular decentralized exchange, has denied the alleged vulnerability of a white hat hacker reporting espionage through their smart contracts.

According to media reports, the hacker claims to have identified a vulnerability that could jeopardize consumer funds worth more than 1 1 billion, stating that he was trying to reach out to sushi soup developers. Came to the public with information due to inactivity as a result.

The hacker claims that "two sushi swap contracts, Master Chef V and Mini Chef V2, have identified a threat within the Emergency with Draw function. Avalanche."

Although the Emergency With Draw function allows liquidity providers to immediately claim their LP tokens while confiscating prizes in the event of an emergency, the hacker claims that if no prizes were placed inside the sushi swap pool So this feature will fail. Your token is manually refilled about 10 hours before the withdrawal.

The hacker claimed, "It can take about 10 hours for all signatories to agree to replenish the rewards account, and some prize pools are empty several times a month."

"Sushi Swap's non-Ethereum deployments and 2x rewards (using all the weaker Mini Chef V and Master Chef V2 contracts) are worth 1 1 billion in total. Untouched for 10 hours".

However, the nickname developer of Sushi Sweep has resorted to Twitter to refute the claims, with the platform's "shadow super coder Madit Gupta insisting that the stated threat is" not a threat "and" no The fund is not at risk. "

Gupta explained that in the event of an emergency, "anyone" could increase the pool's rewards, ignoring the 10-hour multi-sealing process, and the hacker claimed that the rewards pool needed to be replenished. He added:

"The hacker's claim that someone can put in too much LP to get a reward out quickly is wrong. If you add more LP, the reward per LP decreases".

The hacker said he was instructed to report the threat on the Bug Bounty platform Immune - where Sushi Swap is offering rewards of up to $ 40,000 to users who report dangerous threats in their code. ۔

You May Also Like: goes offline after suffering DDoS attack

He noted that the issue was closed on immunization without any compensation, and Sushi Swap said he was aware of the issue.
Previous Post Next Post