In the latest security news, decentralized exchange SushiSwap has been hit by an exploit involving an approve-related bug on the RouterProcessor2 contract, leading to the loss of more than $3.3 million from at least one user. According to Ancilia, Inc., the root cause of the exploit is a bug in the internal swap() function of the SushiSwap router contract, which bypasses the permission check in the swap3callback function. This allowed the attacker to "yoink" tokens without proper permission from the token owner.

At this point, only those who swapped on SushiSwap within the last four days, as well as over 2000 addresses on Layer 2 Arbitrum, are believed to be affected. Moreover, 190 Ethereum addresses were found to have approved the problematic contract. Still, following the news, the price of Sushi's governance token has fallen by only 0.6%.

To resolve the situation, security teams are working together with SushiSwap and PeckShield, who have recommended revoking approvals for the same bad contract on all chains. In light of the incident, SushiSwap Head Chef Jared Grey is also seeking a $3 million legal defense fund from the Sushi DAO after the platform received a subpoena from the U.S. Securities and Exchange Commission.

The Block Research analysts Kevin Peng and Brad Kay have given further insight into the exploit, and users are advised to be cautious and keep an eye on developments. Users should revoke approvals for the contract on all chains as soon as possible; DeFi Llama offers a free tool to check whether any of their addresses have been impacted. Although the exploit could be damaging, SushiSwap and its partners are already taking steps to rectify the situation and keep users safe.
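For readers who want to audit their own exposure, the following added example (not from the original article or from SushiSwap) replays ERC-20 `Approval` event logs and lists the owners whose most recent approval to a flagged spender is still non-zero. All addresses and log entries are constructed placeholders, and the function names are hypothetical; the log field names follow the standard Ethereum JSON-RPC log format.

```python
# keccak256("Approval(address,address,uint256)"), the standard ERC-20 event topic.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"

def pad(addr):
    """Encode an address as a 32-byte indexed topic (left-padded with zeros)."""
    return "0x" + "0" * 24 + addr[2:].lower()

def topic_to_address(topic):
    """An indexed address occupies the low 20 bytes of the 32-byte topic."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, flagged_spender):
    """Map (token, owner) -> last approved amount, for non-zero approvals to the spender.

    The amount is an upper bound: transferFrom may have consumed part of it
    without emitting a new Approval event. A later approve(spender, 0) revokes.
    """
    flagged, latest = flagged_spender.lower(), {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval has the same topic0 but 4 topics (indexed tokenId); skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[2]) != flagged:
            continue
        key = (log["address"].lower(), topic_to_address(topics[1]))
        latest[key] = int(log["data"], 16)  # later events overwrite earlier ones
    return {k: v for k, v in latest.items() if v > 0}

# Constructed placeholders, not real contracts or wallets.
ROUTER, OTHER, TOKEN = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "aa" * 20
ALICE, BOB, CAROL = "0x" + "a1" * 20, "0x" + "b0" * 20, "0x" + "c0" * 20

def _log(block, owner, spender, value):
    return {"address": TOKEN, "blockNumber": block, "logIndex": 0,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [
    _log(100, ALICE, ROUTER, 2**256 - 1),  # unlimited approval, never revoked
    _log(101, BOB, ROUTER, 500),
    _log(105, BOB, ROUTER, 0),             # Bob revoked later
    _log(102, CAROL, OTHER, 1000),         # unrelated spender
]

if __name__ == "__main__":
    for (token, owner), amount in outstanding_approvals(SAMPLE_LOGS, ROUTER).items():
        print(f"{owner} still approves the flagged spender on {token}: {amount}")
```

In the sample data only the first owner remains exposed, because the second owner's later zero-value approval supersedes the earlier one.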


