SushiSwap, a decentralized finance (DeFi) protocol, was exploited due to a bug in a smart contract. Users who traded in the past five days may be affected.

On April 9th, reports surfaced about the bug in a SushiSwap feature, which had caused the loss of millions of dollars. Jared Gray, the CEO of SushiSwap, later confirmed an exploit and provided details (thread) on the actions undertaken to address the issue.

The main victim of the exploit, caused by the "approve-related bug" in SushiSwap's RouterProcessor2 contract, became a prominent member of the Crypto Twitter community known as Sifu, from whose wallet was stolen about 1,800 ETH, according to the crypto analytics firm PeckShield.

After a separate investigation, Ancilia, a cybersecurity firm backed by Binance, concluded that the vulnerability resulted from a failure to validate access permissions during a swap transaction. The firm also discovered a vulnerable contract on the Polygon network.

PeckShield and SushiSwap Head Chef Jared Grey recommended revoking the RouterProcessor2 contract on all chains. Here's a detailed tutorial (thread) on that from the @lookonchain. And here, you can find a similar tutorial for Polygon.

According to Ancilia, Inc., the technical root cause "is because in the internal swap() function, it will call swapUniV3() to set variable "lastCalledPool" which is at storage slot 0x00." They also added that "later on in the swap3callback function, the permission check gets bypassed."

In other words, by approving the bad contract, users inadvertently authorize the exploiter to take their tokens through the "yoink" function due to a bug in the "approve" mechanism of the SushiSwap router contract.

"The bug allows an unauthorized entity to essentially "yoink" tokens without the proper approval from the token owner," explains The Block Research Analyst Brad Kay, adding: "Following the first attack for 100 ETH — possibly a white hat — it seems like another hacker came along and stole another 1800-ish ETH using the same contract but instead named their function "notyoink." (Source)

Early reports already claimed that the number of SushiSwap users at risk was not too big:

The DeFi Llama team also published a list of contracts across all chains that should be revoked across all chains and built a tool to check if any of your addresses have been affected.

According to Block Research Analyst Kevin Peng, the problematic contract has been approved by 190 Ethereum addresses thus far. On Arbitrum, however, over 2000 addresses have approved the bad contract.

Sunday morning, SushiSwap CTO Matthew Lilley followed up with some additional details (thread):

Jared Grey, on his turn, reported that more than 300 ETH of Sifu's stolen funds has since been recovered, with another 700 ETH in the process:

The SushiSwap team has also provided a link that traders can use to check their accounts and revoke any permissions if necessary.

Later on, Sunday the SushiSwap team claimed the exchange is currently up and running and bug-free:

External observers also signaled a resolution of the situation:

To conclude, another educational thread about interacting with DeFi and revoking methods and tools you can use: