By Bitcoin.com - 1 sena ilu - Ħin tal-Qari: 3 minuti
Sushiswap Smart Kuntratt Bug Riżultati f'aktar minn $ 3M f'Telf; Il-Kap Kap Jgħid Mijiet ta' ETH Irkuprati
According to several reports, a bug introduced to the decentralized exchange (dex) protocol Sushiswap’s smart contract has resulted in more than $3 million in losses. The blockchain and smart contract security firm Peckshield explained the exploited contract was “deployed in multiple blockchains.”
Dex Platform Sushiswap Suffers From Smart Contract Exploit
Over the weekend, the dex platform Sushiswap saw its RouteProcess02 contract exploited and then distributed across various blockchain networks. Blockchain security firm Certik ippubblikati an alert after discovering the exploit. The company Peckshield also aġġornata the crypto community via Twitter, noting that Sushiswap’s “RouterProcessor2 contract has an approve-related bug.” It has also been reported that the victim was a well-known crypto advocate called Sifu, who reportedly lost 1,800 ether.
Sifu may not have been the only victim, as Certik’s alert mentions that a few USDC users may have been affected. “We have detected suspicious activity on [0x15d], which is a malicious router,” Certik Tweeted. “Revoke permissions if you have approved this router to spend your tokens. Stay safe. Multiple users who had approved the malicious contract have seen their USDC being transferred to [0x29e]. The wallet has taken about $20,000 in the last two hours,” the company miżjud.
A developer known as 0xngmi has detailed that the exploit should only be problematic for those who used Sushiswap during the last four days. “Only users impacted by Sushiswap hack should be those that swapped on Sushiswap in the last 4 days. If you did so, revert approvals ASAP or move your funds in the affected wallet to a new wallet,” 0xngmi tweeted. Sushiswap’s head chef Jared Grey also ikkonfermat the exploit and later dettaljat that “recovery efforts were underway.”
"Aħna assigurat porzjon kbir ta 'fondi affettwati fi proċess ta' sigurtà whitehat. Jekk għamilt irkupru tal-whitehat jekk jogħġbok ikkuntattja [protett bl-email] for next steps,” Grey qal at 9:42 a.m. Eastern Time on April 9. “We’ve confirmed recovery of more than 300 ETH from Coffeebabe of Sifu’s stolen funds. We’re in contact with Lido’s team regarding 700 more ETH,” Grey miżjud. Sushiswap’s CTO, Matthew Lilley, followed up later in the day and qal that there are currently no issues with using the Sushiswap dex platform.
“There is no risk at this time with using Sushi Protocol, and the UI. All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do,” the Sushiswap CTO explained. “We do ask that all users double-check their approvals, and if an address within this list below has an allowance for any of your tokens to please unapprove as soon as you can,” Lilley miżjud. Just recently, Grey told the community that the Sushiswap team irċieva taħrika from the U.S. Securities and Exchange Commission (SEC).
What do you think can be done to prevent smart contract bugs like this in the future? Share your thoughts in the comments below.
Sors oriġinali: Bitcoin. Bil