The developer behind popular decentralized exchange SushiSwap has rejected a purported vulnerability reported by a white-hat hacker snooping through their smart contracts.

According to media reports, the hacker claimed to have identified a vulnerability that could place more than $1 billion worth of user funds under threat, stating they went public with the information after attempts to reach out to SushiSwap’s developers resulted in inaction.

The hacker claims to have identified a “vulnerability within the emergencyWithdraw function in two of SushiSwap’s contracts, MasterChefV2 and MiniChefV2” — contracts that govern the exchange’s 2x reward farms and the pools on SushiSwap’s non-Ethereum deployments such as Polygon, Binance Smart Chain and Avalanche.

While the emergencyWithdraw function allows liquidity providers to immediately claim their LP tokens while forfeiting rewards in the event of an emergency, the hacker claims the feature will fail if no rewards are held within the SushiSwap pool — forcing liquidity providers to wait for the pool to be manually refilled over a roughly 10-hour process before they can withdraw their tokens.

“It can take approximately 10 hours for all signature holders to consent to refilling the rewards account, and some reward pools are empty multiple times a month,” the hacker claimed, adding:

“SushiSwap’s non-Ethereum deployments and 2x rewards (all using the vulnerable MiniChefV2 and MasterChefV2 contracts) hold over $1 billion in total value. This means that this value is essentially untouchable for 10-hours several times a month.” 

However, SushiSwap’s pseudonymous developer has taken to Twitter to reject the claims, with the platform’s “Shadowy Super Coder” Mudit Gupta stressing that the threat described “is not a vulnerability” and that “no funds are at risk.”

Gupta clarified that “anyone” can top up the pool’s rewarder in the event of an emergency, bypassing much of the 10-hour multi-sig process the hacker claimed is needed to replenish the rewards pool. They added:

“The hacker's claim that someone can put in a lot of lp to drain the rewarder faster is incorrect. Reward per LP goes down if you add more LP.”

The hacker said they had been instructed to report the vulnerability on bug bounty platform Immunefi — where SushiSwap is offering to pay rewards of up to $40,000 to users who report risky vulnerabilities in their code — after they first reached out to the exchange.

They noted that the issue was closed on Immunefi without compensation, with SushiSwap stating they were aware of the matter described.

