
A massive bug cannot be exploited yet, but it may put migration plans on hold.
SushiSwap appears to be vulnerable to a subtle bug that could multiply someone’s governance power without requiring them to acquire new tokens.
Reported by developer Jong Seok Park on Sept. 7, the bug can be described as a governance double-spend.
In essence, SushiSwap governance lets token holders delegate their voting power to another entity. However, if that token holder then transfers the tokens to someone else, the delegatee still maintains their governance power. The second token holder can now delegate tokens once again, multiplying the delegatee’s power by as much as necessary. The bug is that the token transfer does not reset delegation parameters, and this is likely the result of aggregating codebases from different projects.
SushiSwap’s governance contracts are largely a fork of Yam’s governance, which is itself a fork of Compound’s. Looking at SushiSwap’s GitHub source code, however, it appears that the token’s smart contract only modified the “mint” function of OpenZeppelin’s standard ERC-20 implementation. Yam, on the other hand, used a specific implementation of the standard in which a “moveDelegates” function is called on every transfer.
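To make the accounting defect concrete, here is a minimal Python model of Compound-style vote delegation, added for this article and not code from SushiSwap, Yam, Compound or OpenZeppelin. The class, method and account names (VotingToken, move_delegates_on_transfer, “alice”, “bob”, “rep”) are assumptions; the one switch controls whether a transfer moves delegated votes, which is exactly what separates the two implementations described above.

```python
# Added illustration of the delegation accounting; names are assumptions,
# not identifiers from the SushiSwap, Yam or Compound contracts.

class VotingToken:
    def __init__(self, move_delegates_on_transfer: bool):
        self.balances = {}      # holder -> token balance
        self.delegates = {}     # holder -> chosen delegatee (None = none)
        self.votes = {}         # delegatee -> voting power currently credited
        self.move_on_transfer = move_delegates_on_transfer

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount
        # Newly minted tokens credit whoever `to` has already delegated to.
        self._move_delegates(None, self.delegates.get(to), amount)

    def delegate(self, holder, delegatee):
        old = self.delegates.get(holder)
        self.delegates[holder] = delegatee
        # Move the holder's *current* balance from the old to the new delegatee.
        self._move_delegates(old, delegatee, self.balances.get(holder, 0))

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount
        # The fixed variant re-points the moved tokens' votes; the vulnerable
        # variant (plain ERC-20 transfer) leaves the old delegatee credited.
        if self.move_on_transfer:
            self._move_delegates(self.delegates.get(src),
                                 self.delegates.get(dst), amount)

    def _move_delegates(self, src_rep, dst_rep, amount):
        if src_rep == dst_rep or amount == 0:
            return
        if src_rep is not None:
            self.votes[src_rep] -= amount
        if dst_rep is not None:
            self.votes[dst_rep] = self.votes.get(dst_rep, 0) + amount

    def votes_within_supply(self):
        # Invariant a monitor can check: credited votes never exceed supply.
        return sum(self.votes.values()) <= sum(self.balances.values())


def run_double_delegation(move_on_transfer):
    """Delegate, hand the tokens to a second holder, delegate again."""
    t = VotingToken(move_on_transfer)
    t.mint("alice", 100)
    t.delegate("alice", "rep")
    t.transfer("alice", "bob", 100)
    t.delegate("bob", "rep")
    return t.votes.get("rep", 0), t.votes_within_supply()
```

With the switch off, 100 tokens leave “rep” credited with 200 votes and the supply invariant fails; with it on, the transfer first removes Alice’s 100 votes, so the second delegation only restores them.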
In a conversation with Cointelegraph, FTX CEO and now lead for SushiSwap Sam Bankman-Fried confirmed the existence of the bug. He noted that “it doesn’t pose an immediate problem for Sushi” as governance hasn’t yet been activated.
Catching the bug before live release means that the team can now work on solutions to fix it. Bankman-Fried believes that the issue should be fixable without having to migrate the project to new contracts, but the team is “still looking into it.”
It is interesting to note that SushiSwap was hastily reviewed and audited by multiple firms as the project blew up in popularity. While one of the issues involves the same “moveDelegates” function at play here, it appears to be a different type of bug. It wouldn’t be the first time that audits fail to catch some issues, highlighting the need for the entire development community to pitch in to keep DeFi smart contracts secure.
SushiSwap itself is currently reeling from the aftermath of its anonymous founder jumping ship with a “devfund” in SUSHI tokens worth $27 million at some point.
The project is currently in a precarious state as its intended liquidity migration from Uniswap was predicated on successful audits by established security firms, in addition to the trust in the project’s anonymous founder.
Source: CoinTelegraph

