White Hat Hacker Saves SushiSwap From Potential $350 Million Loss
On the back of a slew of hacks in the DeFi space, it seems companies are finally becoming proactive in detecting faults in their networks and sealing them before they can be exploited. Multiple DeFi exchanges in the past year have been exploited through loopholes in their protocols and drained of valuable funds by hackers. The hardest hit of these was Poly Network, which saw over $600 million worth of stolen funds make their way to the hacker. The network’s fears were eventually alleviated when the hacker began to return the funds, stating in a message encoded into the transactions that he never intended to take the funds permanently but did it to expose the flaw in the network’s protocol in the hope that the team would patch it. Other networks have not been so lucky, with many of them losing hundreds of thousands and sometimes millions in targeted attacks.
Paradigm Comes To SushiSwap’s Rescue
Popular crypto exchange SushiSwap almost became the latest name in the recent DeFi hacks. A flaw in the system’s launchpad platform, MISO, was found by white-hat hacker Samczsun. Samczsun, who works with venture capital company Paradigm, found the bug in the platform’s MISO batch auction system, where it arises whenever failed transactions occur. The bug would have led to a ‘double spending’ situation, allowing the perpetrator to keep bidding repeatedly, essentially getting free bids on the platform.
After Samczsun contacted two of his colleagues, they discovered a further exploit, reached by triggering a refund after multiple instances of double-spending. This would essentially “trick” the system into sending back money that was never actually spent. According to Samczsun, this changed the initial problem from a usual double-spending issue to a potential $350 million exploit. On discovering this, the team finally contacted SushiSwap’s Chief Executive Officer Joseph Delong and worked on a fix to the problem. The solution was to contact the team holding the auction and have them end it by purchasing the rest of the auction themselves, closing out the deal.
Samczsun compared this exploit to a similar one that occurred last year with trading platform Opyn, which led to a loss of $371,000. Despite the severity of this exploit, it was reportedly fixed within five hours. The SushiSwap team has, however, stated that the MISO Dutch auction format would be disabled until a full update of the smart contract platform.
Poly Network, which was recently hacked, also seems to be making efforts to ramp up security. In a sudden turn of events, it has offered the hacker who pulled off the stunning heist a job testing its security. Along with this, it has also started a bug bounty program to find other flaws in its system.