White Hats Just Defused a Potential $350M Heist on SushiSwap

A group of people in the crypto community, led by crypto investment firm Paradigm’s research partner Sam Sun, may have just prevented SushiSwap’s token fundraising platform Miso from losing more than $350 million worth of ether, after discovering and fixing a bug on the platform in under just five hours.

Because of the collective efforts, SushiSwap says no funds have been lost.

According to a post published by SushiSwap on Monday, Sam Sun, and his colleagues Georgios Konstantopoulos and Daniel Robinson – all from San Francisco-based crypto investment firm Paradigm – reached out to the team at Sushi to alert them to “a vulnerability” on the “Dutch auction” contract on the Miso platform.

In a Dutch auction, investors place bids reflecting the maximum amount that they are willing to pay. Once the bids are collected, the highest bid is declared the winner. After the auction is finalized, unsuccessful bids are returned to their owners.

The vulnerability

The SushiSwap team and Paradigm’s Sun, in separate posts, both identified that, essentially, the vulnerability was centered around the ability to batch multiple calls to commitEth and reuse a single msg.value across every commitment, allowing an attacker to bid in the auction for free.

“Combining batch with commitEth (a function on Miso Dutch Auction) creates a two-pronged issue where a user can both put up a commitment higher than ‘msg.value’ thereby draining any unsold tokens and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment,” SushiSwap’s team wrote in the post.

“The bug was created when a convenience function for wallet addresses interacted with the refund mechanism of the auction contract,” explained Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” Townsend added.

“All future planned auctions utilizing the specific Dutch auction contracts with ETH commitments have been paused until an updated version is redeployed,” SushiSwap’s team wrote.

The takeaway: Smart contracts are hard

At the conclusion of his blog post, Sun reflected that one of the most important lessons to be learned from this discovery is that even “safe components can come together to make something unsafe.”

The smart contracts that underpin DeFi are complex, combining “composable” Lego blocks to create new contracts and protocols. But the manner in which these blocks are combined can have inadvertent, disastrous consequences, even when programmers are using inherently safe individual components. “This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behavior. There’s no catch-all advice to apply here like ‘check-effect-interaction,’ so you just need to be cognizant of what additional interactions new components are introducing,” Sun said.

The event took place just after the biggest DeFi exploit to date took place last week: Cross-chain DeFi site Poly Network was attacked, losing more than $600 million worth of cryptocurrencies, due to a bug.

In the case of the SushiSwap vulnerability, however, many in the crypto community have taken to social media to praise the five-hourlong collective rescue efforts led by the research arm at Paradigm.

“Chad af,” Twitter user @KadenZipfel wrote (a “chad” usually refers to an “alpha male” in the common parlance of internet slang).

“Absolute King,” another Twitter user, @BanhbaoCrypto, wrote. “The Defi super hero we all need but don’t deserve!”