SUSHISWAP

DESCRIPTION OF EVENTS

"Sushi is a DeFi protocol that is completely community-driven, serving up delicious interest for your held crypto assets." "On Sushi, you can take advantage of passive-income providing DeFi tools such as liquidity providing, yield farming and staking. Furthermore, due to the decentralized nature of being an AMM (Automated Market Maker), Sushi has fewer hurdles to execute your cryptocurrency trades and all fees are paid to the users who provided liquidity, just as it should be!"

“… we have designed SushiSwap as the next step forward in the Uniswap protocol design. Taking Uniswap’s elegant core design, we’ve added community-oriented features that we believe help improve the design of the protocol, as well as provide further benefits to the actors involved.”

"This coin followed in the footsteps of other YFI clones with its low supply and yield farming. When it was listed on Uniswap on August 26, it started at a high of $128 before finding a bottom at $0.69. In less than a week of its launch, it had been listed on Binance peaking at $15.96. On CoinMarketCap, it hit rank 74."

"As reported Monday by CoinDesk’s Will Foxley, a pseudonymous developer who goes by “Chef Nomi” launched the SushiSwap protocol in late August, and it was quickly cast as a “vampire protocol” because its inherent design intended to siphon away liquidity from a competing trading platform, Uniswap."

"The project quickly attracted more than $1 billion of collateral with a technique known as “zombie mining,” The market value of the associated SUSHI tokens surged roughly 500-fold in a matter of days to more than $300 million."

"SushiMaker is an important component of the SushiSwap protocol. It is used to collect the handling fee of each trading pair of SushiSwap, and by setting the routing of each token, the handling fee of different trading pairs is finally converted into sushi tokens, which will give back Holder of sushi token. This process happens on the SushiMaker contract."

"On January 27, 2021, according to the SlowMist Zone intelligence, SushiSwap was attacked again." "The attacker hinged on a weak spot in the SushiSwap protocol via a smart contract component known as Sushimaker." "The problem was that the transaction fee of the DIGG-WBTC trading pair was taken away by the attacker through special means. The SlowMist security team immediately intervened in the analysis of related incidents after receiving the intelligence."

A "SushiSwap DeFi misconfiguration was exploited to manipulate the exchange price of a DIGG-WETH pair which netted an attacker 81 ETH ($100K) profit."

"According to the logic of bridgeFor, we can find that if the bridge of a specific currency has not been manually set, the default bridge is WETH, that is, if the bridge is not set, the default is to convert the handling fee to WETH. The DIGG coin just didn’t set the corresponding bridge through setBridge."

"But there is another problem here, that is, during the swap process, if the transaction pair does not exist, the exchange process will fail. In this attack, the DIGG-WETH transaction pair did not exist at the beginning, so the attacker created a DIGG-WETH transaction pair in advance, and then added a small amount of liquidity. If a commission exchange occurs at this time, according to the feature of constant product mentioned above, because DIGG-WETH has very little liquidity, that is, the upper limit of WETH in DIGG-WETH is very small, while the number of commissions to be converted in SushiMaker is relatively small. Larger, such exchange will cause huge slippage. The exchange process will increase the price of WETH to DIGG in the DIGG-WETH trading pair, and all DIGG fee income of DIGG-WETH will be transferred to the DIGG-WETH transaction. By observing the liquidity situation of the DIGG-WETH trading pair, when the liquidity is maximum, there is only less than 2800 US dollars of liquidity. This result can also be mutually verified with the derivation of the formula."

"After the attacker completes the fee conversion at SushiMaker, the price of WETH to DIGG in the DIGG-WETH transaction pair has been increased, resulting in a small amount of WETH that can be exchanged for a large amount of DIGG, and the amount of this DIGG is exactly the DIGG-WBTC transaction Most of the fee income."

“After researching further, we found that although there had been an exploit, the damage had already been contained, and what had been perceived as a threat to the entire SushiSwap protocol was simply a smart scavenger picking up food that had been left behind.”

"Although a solution had been created some weeks earlier, it had to be applied manually along with each new pool. As this had not been applied, the scavenger was able to sneak in and take fees which should have gone to xSushi holders." "When new pairs were added in Sushiswaps’ Onsen, some non-ETH pairs were added, but no "bridge" was set up in the SushiMaker for DIGG/WBTC."

SushiSwap had a complex process for adding new trading pairs to their "SushiMaker" smart contract. The process was not followed properly when adding the DIGG-WETH trading pair. As a result an attacker was able to siphon off trading fees.

It doesn't appear any user funds were lost.

SlowMist Hacked - SlowMist Zone (May 18)
No Title (Jul 18)
Slow Mist Sushiswap Was Attacked For The Second Time (Jul 18)
The Rise Fall And Rise Of Sushiswap (May 24)
SushiSwap Falls Victim To Attack Again, And Hacker Make A Big Fat Profit - TokenPost (Jul 18)
SushiSwap Suffers Another Attack. Hacker Steals 81 Eth - BeInCrypto (Jul 18)
First Mover: SushiSwap's Billion-Dollar 'Rug Pull' Is Thriller to Crypto Geeks - CoinDesk (May 24)
Sushi price, chart, market cap and info | CoinGecko (May 24)
No Title (Jul 19)
@SlowMist_Team Twitter (Jul 19)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Jul 22)
Ethereum Transaction Hash (Txhash) Details | Etherscan (Jul 22)
SushiSwap (Jul 22)
以小博大，简析 Sushi Swap 攻击事件始末 (Jul 22)
Rekt - Badgers digg sushi (Jul 22)
SotN #31: The Rise of SushiSwap with 0xMaki (Sushi vs Uniswap, Differentiation, Future of Sushi) - YouTube (Aug 10)
blocksec-incidents/2021.md at main · openblocksec/blocksec-incidents · GitHub (Aug 11)
Replaying Ethereum Hacks - Sushiswap BadgerDAO's Digg | cmichel (Aug 11)

More case studies

Tin Finance
Exit Scam

PopcornSwap
Exit Scam