![]() But once the excitement wanes, a bloated team can get too comfortable with inactivity and apathy (or simply farming a project’s treasury). Sushi seems to be a good case study for DAOs working, until they don’t.Ī small team of highly-motivated devs can disrupt the DEX landscape in just weeks. Then, in October, the new head chef, Jared Grey’s, murky past in a variety of struggling projects drew suspicion. However, a period of stagnation during the 2021 bull run ended in infighting. Users were either drained or revoked quickly, and whitehat efforts certainly helped to soften the PR blow.Įver since its launch, though, Sushi has been surrounded by drama.Ģ020’s DeFi summer saw Sushi come onto the scene in dramatic fashion, quickly establishing itself as one of DeFi’s darlings, alongside Uniswap, Curve, Aave and Compound. The damage wasn’t enourmous, nor particularly widespread. Rather than an existential threat to SushiSwap, this incident is more of an embarrassment than anything. See this list for addresses to revoke across multiple chains. So you can impersonate a V3Pool, do a no-op swap, call safeTransferFrom on an arbitrary ERC20 and arbitrary from address on line 347Ī more detailed breakdown was provided by ernestognw.eth. Although the line 328 comment is correct, line 340 does not check the pool deployer. SushiSwap router exploit comes from a bad callback. During the uniswapV3SwapCallback function, the contract is then able to drain (or 'yoink') tokens from any address which had approved it. The attacker was able to create a fake Univ3 pool, and insert their own contract address in place of a genuine liquidity pool. The new contract contained the function, processRoute, which is insufficiently protected against accepting arbitrary data. Luckily, the days-old contract had relatively few approvers, and this didn’t turn out to be the AMM-ageddon it could have been.īut this is a bad look for an already-embattled protocol, nonetheless. BlockSec also got involved, adding to their impressive list of recent whitehacks. ![]() One user claimed to have targeted 0xSifu as a whitehat, though the attempt appeared to have been botched, with only 100 ETH eventually returned. He later stated that the protocol is now safe to use, and the exploited contract has been removed, as well as promising a full post-mortem on events.Īmongst the chaos, DeFi’s favourite villain got rekt for 1800 ETH, and there was plenty of whitehacking activity. Sushi Head Chef, Jared Grey, acknowledged the bug, urging users to revoke approvals. Over $3.3M was stolen from SushiSwap users over the weekend via a new routing contract.Īll users who had approved Sushi’s 4 day old RouteProcessor2 contract at the time of the incident, were at risk, across 14 chains. note the positions on the mini map and how enemies fly through solid walls and over/through other obstaclesĪll in all, the 10 waves took all of five minutes, only 2-3 minutes shorter than what a coordinated squad can do, but still faster than would normally be possible.SushiSwap - REKT read this article also in: ![]() here are just a few of them, starting with just before I picked up a mod, and ending right as the mod pop up disappeared. Harrow stood directly on top of the cryopod, spamming 1 and possibly another ability, the scourge, and constantly stuttering/phasing off the cryopod towards the pile of enemies.ĭidn't have time to start recording but I did start taking screenshots. ![]() If this was just happening and everyone was just kind of, well murdering it, I would say it was a bug, but the harrow of the squad kept repeating the exact same action the whole time, whereas the other players would periodically meander away. ![]() I had enemy radar, and all of the spawns seemed to spawn and a split second later zip over into a pile next to the elevator/defense platform as if they had been hit with a tether grenade or nidus noodle. So today I loaded up some Helene, Saturn to farm some Meso relics, and I am not sure if this was just a bug or an exploit, but I am leaning towards exploit. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |