{"id":122659,"date":"2020-11-29T23:43:18","date_gmt":"2020-11-29T20:43:18","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/as-token-price-rises-and-reputation-mends-sushiswap-foils-midnight-exploit\/"},"modified":"2020-11-29T23:43:18","modified_gmt":"2020-11-29T20:43:18","slug":"as-token-price-rises-and-reputation-mends-sushiswap-foils-midnight-exploit","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/as-token-price-rises-and-reputation-mends-sushiswap-foils-midnight-exploit\/","title":{"rendered":"# As token price rises and reputation mends, Sushiswap foils midnight exploit"},"content":{"rendered":"<p>&#8220;<strong># As token price rises and reputation mends, Sushiswap foils midnight exploit <\/strong>&#8221;<br \/>\n<img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjAtMTEvZWMyYzA0OTQtZTM4Ny00MjVjLWFiYjctOWQ1NzUwNWNlMjM4LmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-5a136f3a>As exploits and hacks run rampant across the DeFi ecosystem, at least one project appears to have fended off the worst of an attack \u2014 the once-maligned \u201cvampire\u201d AMM (automated market maker) exchange Sushiswap.\u00a0<\/p>\n<p>Observers noticed last night that Sushiswap \u2014 which got its start leeching liquidity from rival AMM Uniswap \u2014 was experiencing an exploit, and that anonymous head developer 0xMaki was taking steps to mitigate it:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Possible <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/SushiSwap?ref_src=twsrc%5Etfw\">@SushiSwap<\/a> exploit found?  
<a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xMaki?ref_src=twsrc%5Etfw\">@0xMaki<\/a>  sends exploiter a tx with a message to collect bug bounty.  <\/p>\n<p>See below <\/p>\n<p>tx with message from 0xMaki <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/1MdXqw9chq\">https:\/\/t.co\/1MdXqw9chq<\/a><\/p>\n<p>Exploiters address: <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/ehh7EassCo\">https:\/\/t.co\/ehh7EassCo<\/a> <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/DefiantNews?ref_src=twsrc%5Etfw\">@DefiantNews<\/a> <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/fRpdA1j7y1\">pic.twitter.com\/fRpdA1j7y1<\/a><\/p>\n<p>\u2014 JuanSnow (@Juan_Snow1) <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/Juan_Snow1\/status\/1332992258115657730?ref_src=twsrc%5Etfw\">November 29, 2020<\/a><\/p><\/blockquote>\n<p>Reports from the Sushiswap Discord channel now indicate that the exploit has been resolved, and that all lost user funds (between $10,000 and $15,000) will be covered by the Sushiswap treasury.\u00a0<\/p>\n<p>To gain a better understanding of the exploit and what it means for Sushiswap, Cointelegraph spoke to one of the smart contract engineers that 0xMaki personally thanked on Twitter for helping to mitigate its effects: self-described \u201cDeFi degen\u201d and Solidity developer \u2018andy.\u2019 <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap.<\/p>\n<p>LP &#8211; 
xSushi holders are safe!<\/p>\n<p>It is a fascinating one thanks <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/andy8052?ref_src=twsrc%5Etfw\">@andy8052<\/a> <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/danielque?ref_src=twsrc%5Etfw\">@danielque<\/a> &amp; sushi core devs for the quick reaction and help.<\/p>\n<p>More soon! <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/t.co\/QmhNMTP28L\">https:\/\/t.co\/QmhNMTP28L<\/a><\/p>\n<p>\u2014 0xMaki \u6e90 \u7fa9\u7d4c (@0xMaki) <a rel=\"nofollow noopener noreferrer\" target=\"_blank\" href=\"https:\/\/twitter.com\/0xMaki\/status\/1332993111950319618?ref_src=twsrc%5Etfw\">November 29, 2020<\/a><\/p><\/blockquote>\n<p>According to andy, 0xMaki contacted him at 10pm EDT.\u00a0<\/p>\n<p>\u201cHe (0xMaki) said there was some weirdness going on but was unsure what it was. We spent about 1 hour in a discord call going through transactions until we figured out what the exploit was.\u201d<\/p>\n<p>Andy explained that the attacker wrapped liquidity pool tokens and deployed them to a new pool, allowing the attacker to execute \u201creally weird logic to pull the underlying tokens from the reward contract.\u201d <\/p>\n<p>The affected contracts were patched within hours, and according to 0xMaki the auditing firm PeckShield will be reviewing the changes.<\/p>\n<p>Adding a layer of intrigue, 0xMaki and the Sushiswap team attempted to communicate with the exploiter as they searched for a solution, sending a short message to the exploiter\u2019s address:<\/p>\n<p>\u201cI see you, we are working on fixing it. 
Contact me on Discord for a bug bounty &#8211; 0xMaki,\u201d the message read.<\/p>\n<p>Similar messages have been a feature of many recent hacks and exploits, including Value DeFi\u2019s flash loan exploit where the exploiter taunted the team (and later returned some of his ill-gained proceeds to a victim claiming to be a nurse), and the earlier Dforce hack, where the attacker returned funds with a note looking to the future. <\/p>\n<p>andy, however, doesn\u2019t think it\u2019s the beginning of a wider trend.<\/p>\n<p>\u201cI don&#8217;t see it turning into anything just cause it is expensive and inefficient,\u201d he said. <\/p>\n<p>The quick fix may also be a sign that Sushiswap&#8217;s wider fortunes are on the rise. Sushiswap\u2019s arrival on the scene, founder exitscam, and eventual return of \u2018rugpulled\u2019 funds was one of the messiest stories of the wild DeFi summer.\u00a0<\/p>\n<p>With the passage of time, however, the market is once again showing signs of faith in Sushiswap. The price of the exchange\u2019s SUSHI governance token is up over 100% on the month. <\/p>\n<p>For his part, andy\u2019s faith never wavered and the response to the attack is just another sign of the competency from the new Sushi team. <\/p>\n<blockquote><p>\u201cThey have been heads down working super hard. Just look at all the cool stuff they have released and are working on. It definitely doesn&#8217;t hurt my view of them but also didn&#8217;t really change much for me personally as I already thought pretty highly of the team.\u201d<\/p><\/blockquote>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/as-token-price-rises-and-reputation-mends-sushiswap-foils-midnight-exploit\" target=\"_blank\" rel=\"noopener noreferrer\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;# As token price rises and reputation mends, Sushiswap foils midnight exploit &#8221; As exploits and hacks run rampant across the DeFi ecosystem, at least one project appears to have fended off the worst of an attack \u2014 the once-maligned \u201cvampire\u201d AMM (automated market maker) exchange Sushiswap.\u00a0 Observers noticed last night that Sushiswap \u2014 
which&#8230;<\/p>\n","protected":false},"author":1,"featured_media":122660,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/s3.cointelegraph.com\/uploads\/2020-11\/ec2c0494-e387-425c-abb7-9d57505ce238.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74891,74882,73821],"class_list":["post-122659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-ethereum","tag-hacks","tag-developers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/122659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=122659"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/122659\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/122660"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=122659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=122659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=122659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}