Popular decentralized exchange (DEX) platform SushiSwap has suffered more than $3.3 million in losses after a hacker exploited a bug in a smart contract. More specifically, the DEX saw its RouteProcess02 contract, a smart contract that aggregates trade liquidity from multiple sources and identifies the most favorable price for swapping coins, exploited and then distributed across various blockchain networks. “Root cause is because in the internal swap() function, it will call swapUniV3() to set variable “lastCalledPool” which is at storage slot 0x00,” crypto security firm Ancilia said in a tweet. “Later on in the swap3callback function the permission check get bypassed.” DefiLlama pseudonymous developer 0xngmi suggested that only users who had swapped in the protocol during the past four days should be affected by the hack. “Only users impacted by Sushiswap hack should be those that swapped on Sushiswap in the last 4 days. If you did so, revert approvals ASAP or move your funds in the affected wallet to a new wallet,” 0xngmi tweeted. At least one user has fallen victim to the hack so far. The victim, who is a well-known crypto advocate called Sifu, reportedly lost 1,800 ETH (worth around $3.3 million).
Full story : SushiSwap Exchange Suffers Major $3.3 Million Smart Contract Hack.
