Analyzing SushiSwap’s next steps as it recovers from the latest exploit
- SushiSwap initiates plans to refund users affected by recent exploits.
- The protocol approached Lido for assistance, as massive amounts of the stolen funds were sent to Lido.
Over the last few days, popular DEX SushiSwap [SUSHI] became a victim of an exploit, resulting in the loss of millions of dollars. The vulnerability was due to a bug related to the “approve” function in the SushiSwap RouteProcessor2 contracts.
The vulnerability invalidated the inputs given by the users. It also enabled the attacker to create a malicious router parameter that directed users to an attacker-controlled pool.
However, the SushiSwap team responded swiftly and immediately began formulating plans to fix the issue.
On 12 April, SushiSwap announced how it would transfer funds to victims of the recent exploit.
RouteProcessor2 Exploit & User Refund Update!
Read the below thread about: what's next for affected user funds and what processes we're setting up to return user funds.
Firstly, please know that Sushi's Swap web app is safe to use now!
— Sushi.com (@SushiSwap) April 12, 2023
White hats and black hats
There will be two sets of users who will be receiving the refunds. The first would be those whose funds were acquired in a white hat exploit. A white hat exploit is a security vulnerability discovered and exploited by an ethical hacker or a security team.
The intention is to identify and report vulnerabilities to the system owner for fixing, rather than causing harm or damage.
Users impacted by the white hat exploit are safe as their funds exist in a contract and will be returned. However, users who have been affected by the black hat attack will have to submit an email to SushiSwap so that the protocol can verify whether the user’s address was impacted.
A friend in need
The SushiSwap protocol also reached out to the Lido protocol to help in collecting user funds so that they can be reimbursed to the users.
SushiSwap approached Lido because some of the malicious transactions that took place were built by independent block builders. In one case, a substantial amount of ETH was transferred as an MEV reward to the block builder, who then redirected it to the Lido Execution Rewards Vault.
The team at SushiSwap also has reason to believe that about 78 ETH was sent to the Lido Treasury, which could be an easy starting point for recovering some of the funds that have been lost.
Even though SushiSwap acted swiftly to safeguard its users, the protocol’s performance was impacted nonetheless. According to data from Token Terminal, the number of daily active users and the revenue collected by the protocol declined.