On April 9, several security reports on Twitter revealed that a bug in a smart contract on the decentralized finance (DeFi) protocol SushiSwap led to losses of over $3 million. According to the blockchain security companies CertiK Alert and PeckShield, the bug occurred in the approval function in Sushi’s Router Processor 2 contract. This smart contract is responsible for aggregating trade liquidity from multiple sources and identifying the most favorable price for swapping coins.
The bug affected only users who had traded on the decentralized exchange in the past four days. SushiSwap’s head developer, Jared Grey, urged users to revoke permissions for all contracts on the protocol. A list of contracts requiring revocation has been created on GitHub to address the issue. Within hours of the incident, a “large portion of affected funds” was recovered through a white hat security process.
The weekend of April 8-10 was intense for the Sushi community. On April 8, Grey and his counsel commented on a recent subpoena from the United States Securities and Exchange Commission (SEC). Grey stated that the SEC’s investigation is a “non-public, fact-finding inquiry trying to determine whether there have been any violations of the federal securities laws.” He added that, to the best of his knowledge, the SEC had not concluded that anyone affiliated with Sushi had violated US federal securities laws. Grey claims to be cooperating with the investigation.
A legal defense fund in response to the subpoena was proposed at Sushi’s governance forum on March 21. The subpoena has created turmoil within the Sushi community, as some members feel that the protocol is being targeted unfairly. Others worry that the SEC investigation could lead to increased regulatory scrutiny of the DeFi space as a whole.
Security Concerns in DeFi
The recent bug on SushiSwap is just one example of the security concerns that have plagued the DeFi space in recent years. Smart contract bugs, hacks, and rug pulls have resulted in millions of dollars in losses for DeFi users. These incidents have led to increased scrutiny from regulators and calls for better security measures in the DeFi space.
While some DeFi protocols have implemented security measures such as audits and bug bounties, others have not. The lack of regulation in the DeFi space has made it difficult for users to know which protocols are safe to use. Some experts predict that the DeFi space will continue to face security challenges until stronger regulatory frameworks are put in place.
SushiSwap’s Response to the Incident
Following the incident on April 9, SushiSwap’s head developer, Jared Grey, announced that the protocol was working with security teams to mitigate the issue. He also urged users to revoke permissions for all contracts on the protocol. A list of contracts on GitHub requiring revocation was created to address the problem. Hours after the incident, Grey took to Twitter to announce that a “large portion of affected funds” had been recovered through a white hat security process.
Conclusion
The recent bug on SushiSwap highlights the security challenges facing the DeFi space. While DeFi protocols offer users the ability to trade without intermediaries, they also come with inherent security risks. As the DeFi space continues to grow, it is crucial that protocols implement robust security measures to protect user funds. In addition, regulatory frameworks must be put in place to provide users with greater protection and ensure the long-term viability of the DeFi space.
Source: https://www.cryptopolitan.com/sushiswap-loses-over-3-million-due-to-bug/