Researchers identify 10 security flaws with SushiSwap

Published at: Sept. 3, 2020

Blockchain security firm Quantstamp has published a security review of hyped DeFi protocol SushiSwap, identifying ten issues with the platform. 

The good news is the issues with the Uniswap fork aren’t likely to be fatal — unlike the critical bug that took out YFI clone YAM after 48 hours. The researchers identified two medium risk, three low risk, and five informational issues with the code.

Among the concerns identified were a failure to prevent the same liquidity provider token from being added more than once, which risks disrupting reward variables; a vulnerability potentially allowing funds to be stolen from the platform should the owner’s private key become compromised; and an issue that could result in the protocol’s ‘massUpdatePools’ running out of gas.

While none of the issues found were “critical enough to suggest redeployment of the existing contracts,” Quantstamp urged caution for the platform’s users.

Other researchers have pointed out additional concerns for SushiSwap users, with Cinneamhain Ventures partner Adam Cochran revealing yesterday that the protocol’s developer fund is holding $27 million worth of unlocked SUSHI tokens “that could be dumped or used to dump against LP tokens.”

4/18 While I want so badly to believe in the project because a community owned AMM would be great, if you have a $27M dev fund at the center of your anon project that you refuse to lock up and think is not a priority - that's a red flag.

— Adam Cochran (@AdamScochran) September 2, 2020

Responding to Cochran’s criticism, SushiSwap’s anonymous head ‘Chef Nomi’ said that the $27 million worth of tokens had been designated for “devshare”:

In theory I can sell all of them, but I don't see anything wrong with it. It's the devshare and it's [been] specified in there since the beginning.

For his part, Cochran said the risk-reward ratio from SushiSwap was getting unbalanced and he was off to farm elsewhere.

Disclosure: Exiting the last of my $Sushi position. Founder still hasn’t moved on locking funds & is now purposefully calling a ‘security review’ a full audit. This pump opportunity puts fully diluted value at nearly $2b mcap. Too much risk here, & not much upside left. I’m out.

— Adam Cochran (@AdamScochran) September 3, 2020

Despite being less than one week old, SushiSwap has already lured more than $1.4 billion in locked funds from Uniswap with the promise of enormous returns for liquidity providers, in a business model some have dubbed a “vampire attack.”

The protocol’s native token has gained more than 600% over the past few days and emerged as a top 70 crypto asset by capitalization boasting a 24-hour trade volume equal to more than 200% of its quarter-billion-dollar market cap.

There has been an explosion in food-themed DeFi Uniswap clones purporting to offer extreme rewards to yield farmers, with Kimchi and Hotdogswap quickly making waves in the DeFi markets over recent days.

Despite quickly capturing the imaginations of the yield farming community, Hotdog’s native token plummeted more than 99.9% from $4,000 to $1 over the course of five minutes just hours after the protocol’s launch today.
