Users Advised to Revoke Contracts Following SushiSwap Attack

A recent attack on the SushiSwap exchange has caused over $3.3 million in damages to one user with the Twitter handle @0xSifu. PeckShield, a blockchain security firm, has reported that the decentralized exchange was attacked due to a vulnerability in the RouterProcessor2 contract. Both PeckShield and Jared Grey, the Head Chef of SushiSwap, have advised users to revoke their approvals for the contract on all chains.

According to Ancilia, a network security firm supported by Binance Labs, the attack originated from the “internal swap” function. This function calls the swapUniV3 command to set the lastCalledPool variable, and the swap3callback feature was skipped, which led to the attack.

The first attacker used the “yoink” function, which was enabled by a flaw in the SushiSwap contract’s authorization mechanism. This flaw allowed unauthorized individuals to easily yoink tokens without the user’s permission. The first hack, by a white-hat hacker, resulted in 100 ETH in damages, while another hacker stole 1,800 ETH, or roughly $3.2 million, using a similar method, according to Brad Kay from The Block Research.

@0xngmi has advised users who have interacted with SushiSwap in the past four days to revoke all contracts listed below. According to Kevin Peng from The Block Research, over 190 Ethereum addresses have interacted with the contract, and over 2,000 addresses have approved it on the Ethereum network.
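
To act on the revocation advice above, a user first needs to know which token approvals to the affected contract are still open. The following is an added example, not code from the article, SushiSwap or the firms quoted: it replays ERC-20 `Approval` event logs to list approvals that were never reset to zero and builds the `approve(spender, 0)` calldata that revokes one. The `ROUTER` address is a placeholder, the logs are constructed, and the log layout assumes `eth_getLogs` fields with `blockNumber` and `logIndex` already decoded to integers.

```python
# Added example: constructed logs and placeholder addresses, nothing from the incident.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")
ROUTER = "0x" + "aa" * 20      # placeholder spender; use the address from the advisory

def topic_to_address(topic):
    """An indexed address is a 32-byte left-padded topic; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, spender):
    """Replay ERC-20 Approval logs in chain order; return non-zero last values
    keyed by (token, owner). A logged value is an upper bound, because
    transferFrom can spend allowance without emitting Approval; confirm with
    allowance(owner, spender) on chain before acting."""
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = [t.lower() for t in log["topics"]]
        # ERC-20 Approval has exactly 3 topics; ERC-721 Approval has 4.
        if len(topics) != 3 or topics[0] != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != spender.lower():
            continue
        latest[(log["address"].lower(), topic_to_address(topics[1]))] = int(log["data"], 16)
    return {key: value for key, value in latest.items() if value}

def revoke_calldata(spender):
    """ABI-encode approve(spender, 0); the owner sends it to the token contract."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def _log(block, index, token, owner, spender, value_hex):
    pad = lambda a: "0x" + a[2:].rjust(64, "0")
    return {"blockNumber": block, "logIndex": index, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)], "data": value_hex}

TOKEN_A, TOKEN_B = "0x" + "11" * 20, "0x" + "22" * 20
ALICE, BOB, OTHER = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "cc" * 20
UNLIMITED, ZERO = "0x" + "f" * 64, "0x" + "0" * 64
SAMPLE_LOGS = [  # constructed, deliberately out of order
    _log(101, 2, TOKEN_A, ALICE, ROUTER, ZERO),       # Alice already revoked
    _log(100, 0, TOKEN_A, ALICE, ROUTER, UNLIMITED),
    _log(102, 0, TOKEN_B, BOB, ROUTER, UNLIMITED),    # still exposed
    _log(103, 1, TOKEN_B, ALICE, OTHER, UNLIMITED),   # different spender, ignored
]

if __name__ == "__main__":
    for (token, owner), value in outstanding_approvals(SAMPLE_LOGS, ROUTER).items():
        print(f"{owner} -> {token}: allowance <= {value}; revoke with {revoke_calldata(ROUTER)}")
```

The approval has to be checked and revoked separately on every chain where the contract was approved, since allowances are stored per token contract and per chain.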

This attack highlights the importance of conducting regular security audits and having proper authorization mechanisms in place to prevent unauthorized access. Decentralized exchanges like SushiSwap are vulnerable to attacks due to their decentralized nature, which can make it more difficult to detect and prevent malicious activity. Therefore, it is crucial for users to take necessary precautions and follow security best practices when using such platforms.
