Dev finds major governance bug in SushiSwap, but no threat to the project yet

admin


A massive bug cannot be exploited yet as pool migration is set to continue.

SushiSwap appears to be vulnerable to a sneaky bug that could multiply someone’s governance power without having to acquire new tokens.
Reported by developer Jong Seok Park on Sept. 7, the bug can be described as a governance double-spend.
In essence, SushiSwap governance lets token holders delegate their voting power to another entity. However, if that token holder then transfers the tokens to someone else, the delegatee still maintains their governance power. The second token holder can now delegate tokens once again, multiplying the delegatee’s power by as much as necessary. The bug is that the token transfer does not reset delegation parameters, and this is likely the result of aggregating codebases from different projects.
SushiSwap’s governance contracts are largely a fork of Yam governance, themselves a fork of Compound. Looking at the GitHub source code of SushiSwap, however, it appears that the token’s smart contract only modified the “mint” function from the standard implementation of ERC-20 contracts by OpenZeppelin. Yam, on the other hand, used a specific implementation of the standard that has a “moveDelegates” function called upon transferring.
In a conversation with Cointelegraph, FTX CEO and now lead for SushiSwap Sam Bankman-Fried confirmed the existence of the bug.

He noted that “it doesn’t pose an immediate problem for Sushi” as governance hasn’t yet been activated.
Catching the bug before live release means that the team can now work on solutions to fix it. Bankman-Fried believes that the issue should be fixable without having to migrate the project to new contracts, but the team is “still looking into it.”
It is interesting to note that SushiSwap was hastily reviewed and audited by multiple firms as the project blew up in popularity.

While one of the issues involves the same “moveDelegates” function at play here, it appears to be a different type of bug. It wouldn’t be the first time that audits fail to catch some issues, highlighting the need for the entire development community to pitch in to keep DeFi smart contracts secure.
SushiSwap itself is currently reeling from the aftermath of its anonymous founder jumping ship with a “devfund” in SUSHI tokens worth $27 million at some point.
The intended liquidity migration from Uniswap is still set to continue with new migration contracts, but the prior decision from Chef Nomi was cancelled.
