SushiSwap Fights Off Midnight Exploit Amid Recovering Price And Reputation

Author: Ali Raza
Last Updated: 30 November 2020

The DeFi ecosystem has always been plagued by exploits and hacks. With the sheer amount of money flowing through that space at this time, that is more to be expected than anything. Now, however, one more decentralized exchange has managed to fight off such an attack, for the most part: SushiSwap. While the Automated Market Maker (AMM) has received a lot of criticism, it seemingly proved its ability to beat down an attack.

Covering The Negligible Losses Of $10K to $15K

Last night, people took note that Uniswap was suffering from an exploit. The DEX, which originally started off as a vampire DEX leeching off Uniswap, had its Head Developer, 0xMaki, start taking steps to counteract this exploit.

Possible @SushiSwap exploit found? @0xMaki sends exploiter a tx with a message to collect bug bounty. See below tx with message from 0xMaki https://t.co/1MdXqw9chq Exploiters address: https://t.co/ehh7EassCo @DefiantNews pic.twitter.com/fRpdA1j7y1
— JuanSnow (@Juan_Snow1) November 29, 2020

The exploit itself has now been resolved, according to the Discord channel for SushiSwap. The announcement further detailed that all the user funds lost in this exploit, somewhere between $10,000 and $15,000, will be covered by SushiSwap’s treasury.

The Exploit Itself

As for the exploit itself and what it means for SushiSwap: DeFi degen and andy, two smart contract engineers whom 0xMaki publicly thanked on Twitter for their help, gave a few comments about the matter at large. Andy stated that 0xMaki contacted him due to some “weirdness” occurring on SushiSwap, but was unsure of what it was at the time. After about an hour of communicating through a Discord call, andy and 0xMaki figured the exploit out.

According to andy, the attacker managed to wrap liquidity pool tokens, then deploy them into a new pool. From there, the attacker could trigger a strange logic within the system, allowing them to pull those underlying tokens from the reward contract.

Plugging The Gaps In A Few Hours

It should be noted that it took only a few hours for the affected contracts to be patched. Alongside this, 0xMaki had employed PeckShield, an auditing firm, to review the changes and ensure the safety of further contracts.

Post-Mortem when I wake up, exploiter got around 10-15k so far from the 0.05% fees cut of Sushiswap. LP – xSushi holders are safe! It is a fascinating one thanks @andy8052 @danielque & sushi core devs for the quick reaction and help. More soon! https://t.co/QmhNMTP28L
— 0xMaki 源 義経 (@0xMaki) November 29, 2020

What’s interesting about this matter is that the SushiSwap team actively tried to communicate with the hacker. While they were searching for a solution, they sent the hacker a message saying that they were fixing the problem, but that he could apply for a bug bounty if he wanted to.

Recent hacks and exploits within the DeFi space have been known to include these types of messages more often. Value DeFi saw its flash loans be exploited, with the exploiter eventually taunting the team. Luckily, this hacker had some sort of heart, returning some funds to a user claiming to be a nurse.