SushiSwap contract vulnerability leads to $3.3 million loss

Copy share

SushiSwap is a decentralized exchange based on Ethereum that allows users to earn SUSHI tokens through liquidity mining. However, the project recently suffered a hacker attack that resulted in some users' funds being stolen.

According to BeosinEagleEye situational awareness platform, on April 9, 2023, there was a vulnerability related to authorization in SushiSwap's RouteProcessor2 contract, which was exploited by hackers, resulting in Frog Nation's former CFO 0xsifu losing more than $3.3 million. The vulnerability allowed attackers to pass in malicious address parameters, bypassing the contract's access control, and transferring funds authorized to the contract.

SushiSwap CEO Jared Grey issued a statement on the governance forum, saying that the protocol was working with security teams to fix the vulnerability as soon as possible, and advised all users to revoke their authorization for the contract. He also said that the incident would not affect SushiSwap's bailout plan, which aims to address the financial crisis facing the project.

SushiSwap is a clone of Uniswap, with the biggest difference being that it issued SUSHI tokens, trying to optimize Uniswap with a token economy model. However, the project has been plagued by controversy and difficulties since its inception. In December last year, SushiSwap founder Chef Nomi sold all his SUSHI tokens and left the project. In April this year, SushiSwap's new CEO Jared Grey revealed the project's dire financial situation and proposed a temporary bailout plan.

This hacker attack has brought more pressure and challenges to SushiSwap. Currently, SushiSwap's SUSHI token price is $8.6, down about 10% from before the attack. Whether the project can get out of trouble remains to be seen.