
White Hat timely intervention saves SushiSwap $350M by uncovering ‘obvious’ exploit

thecoinrepublic.com 19 August 2021 09:20, UTC
  • White Hat potentially saves SushiSwap $350M by discovering an ‘obvious’ exploit
  • The SushiSwap decentralized exchange saved from becoming the latest DeFi hack victim
  • An expert from venture capital firm Paradigm known as “samczsun” has managed to save SushiSwap 109,000 ETH

The SushiSwap decentralized exchange narrowly escaped becoming the latest DeFi hack victim thanks to assistance from a white hat hacker. The white hat helped save SushiSwap $350 million by highlighting an obvious chink in the MISO platform. The timely detection helped prevent a potential loss of as much as 109,000 ETH.

A security buff attached to the venture capital firm Paradigm, known on Twitter as “samczsun”, managed to save SushiSwap from a potential loss of as much as 109,000 ETH, almost equivalent to $350 million.

Giving the details of the incident in a blog post dated August 17, the programmer explained how he began examining the smart contract code for the BitDAO token sale at SushiSwap’s token launchpad platform, MISO.

On closer inspection, the security expert discovered a flaw in the MISO Dutch auction contract whereby some of the functions lacked access controls. The white hat later said that he never expected the Sushi team to make such a mistake. Delving deeper, he found a vulnerability that, if exploited, could result in all of the crypto assets in the token auction contract being drained by a malicious actor. An attacker could reuse the same ETH over and over to batch multiple calls to the contract and “bid in the auction for free.”

Samczsun checked the vulnerability with a successful exploit before contacting colleagues Georgios Konstantopoulos and Dan Robinson to take a look and double-check the findings. He also discovered that a hacker could siphon off funds from the contract by triggering a refund by sending a higher amount of ETH than the hard auction cap.

The white hat found that the chink in the security had become a little bigger: he was not dealing with a bug that would let someone outbid other participants. It was a 350 million dollar bug.
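A simplified Python model of the two behaviours described above (the same ETH credited to every call in a batch, and refunds paid once the hard cap is exceeded), added here as an illustration and not taken from the MISO contract or from samczsun's post. The class, method names and numbers are constructed; the hardened variant, which treats the attached ETH as a budget shared by the whole batch, is one assumed way to keep the invariant that held ETH covers recorded commitments.

```python
class Auction:
    """Toy ledger for a capped token sale; every name here is hypothetical."""

    def __init__(self, hard_cap, balance, committed):
        self.hard_cap = hard_cap
        self.balance = balance      # ETH the contract really holds
        self.committed = committed  # ETH the ledger says has been bid
        self.bids = {}

    def _commit(self, bidder, credited):
        """Credit a bid up to the hard cap; return the refund for the excess."""
        accepted = min(credited, self.hard_cap - self.committed)
        self.committed += accepted
        self.bids[bidder] = self.bids.get(bidder, 0) + accepted
        return credited - accepted

    def batch_vulnerable(self, bidder, attached, calls):
        """Each sub-call is credited the full attached value (the flaw)."""
        self.balance += attached    # the ETH only arrives once
        refund = sum(self._commit(bidder, attached) for _ in range(calls))
        self.balance -= refund      # refunds come out of pooled funds
        return refund

    def batch_hardened(self, bidder, attached, calls):
        """The attached value is a budget that sub-calls draw down."""
        self.balance += attached
        remaining, refund = attached, 0
        for _ in range(calls):
            spend, remaining = remaining, 0  # first call spends it, rest get 0
            refund += self._commit(bidder, spend)
        self.balance -= refund
        return refund

    def solvent(self):
        """Invariant worth monitoring: held ETH covers recorded commitments."""
        return self.balance >= self.committed


def run(batch_name, hard_cap=100):
    """Constructed scenario: 90 ETH already bid, then one batch of 3 calls."""
    auction = Auction(hard_cap=hard_cap, balance=90, committed=90)
    refund = getattr(auction, batch_name)("bidder", attached=10, calls=3)
    return refund, auction.bids["bidder"], auction.balance, auction.solvent()


if __name__ == "__main__":
    for name in ("batch_vulnerable", "batch_hardened"):
        print(name, "near cap:", run(name), "far from cap:", run(name, 1000))
```

Each tuple is (refund paid, bid recorded, contract balance, invariant holds). In the vulnerable batch the invariant fails both near the cap, where refunds exceed what was sent, and far from it, where the recorded bid exceeds what was sent.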

SushiSwap CTO Joseph Delong formulated a rescue plan

The matter became severe enough to warrant alerting SushiSwap CTO Joseph Delong to formulate a rescue plan before the exploit was discovered in the wild. It was decided that the BitDAO team holding the token sale would manually end the auction, buy out the remaining allocation and immediately finalize the process, rescuing the funds.

SushiSwap noted that no funds were lost in the salvage effort. It added that it would pause the use of its MISO Dutch auction format until the smart contract can be updated.

Philosophy of the space among the best actors

Crypto community member “DC Investor” commented that Paradigm has big UNI / Uniswap bags, but Sam from their team just helped save SushiSwap, which is its competitor, from a critical bug. This is the philosophy of the space among the best actors.

The BitDAO token sale went off without a hiccup and managed to raise more than 112,000 ETH, valued at roughly $336 million, from over 9,200 participants, according to a tweet from the protocol on August 17.
