SushiSwap, a decentralized exchange, has narrowly escaped becoming the latest DeFi hack target thanks to the help of a white hat hacker. A security researcher at Paradigm (a venture capital firm), known as “samczsun” on Twitter, protected SushiSwap and its MISO branch from a potential loss of up to 109,000 ETH. In a blog post dated 17 August, he described how he began analyzing the smart contract code for the BitDAO token sale, which was launched on MISO (a launchpad platform under SushiSwap).
On closer inspection, he identified a mistake in MISO's Dutch auction contract: a few functions lacked access controls. Initially, he said, he did not consider this a weak point, nor did he expect such an obvious mistake from such a firm. After a more exhaustive investigation, however, he found that the flaw could allow a malicious actor to drain all the crypto assets held in the token auction contract.
An attacker, samczsun elaborated, could reuse the same ETH many times across a large number of calls to the contract, and could in this way bid in the sale without paying for it. He verified that the weakness could be exploited successfully before contacting colleagues Dan Robinson and Georgios Konstantopoulos to examine it and double-check his findings. He also noted that an attacker could steal funds from the contract by triggering a refund, which is done by sending a larger amount of ETH than the amount offered in the auction.
samczsun added that what at first looked like a minor weakness quickly turned into a huge issue. The flaw was not limited to outbidding others in the auction. Rather, it put $350M of the firm at stake. He then explained that he contacted Joseph Delong (the CTO of SushiSwap) to put together a rescue plan before a malicious actor could discover the flaw. It was decided that the auction would be ended manually by buying up the existing allocation and immediately finalizing the auction to rescue the remaining funds.
SushiSwap has stated that no funds were lost, and that it will halt use of its MISO Dutch auction format until the required changes are made to the smart contract.