White Hats Just Defused a Potential $350M Heist on SushiSwap - CoinDesk - Deepstash

A group of people in the crypto community, led by crypto investment firm Paradigm’s research partner Sam Sun, may have just prevented SushiSwap’s token fundraising platform Miso from losing more than $350 million worth of ether (ETH), after discovering and fixing a bug on the platform in under five hours.

In a Dutch auction, investors place bids reflecting the maximum amount that they are willing to pay. Once the bids are collected, the highest bid is declared the winner. After the auction is finalized, unsuccessful bids are returned to their owners.


The vulnerability

In separate posts, the SushiSwap team and Paradigm’s Sun both identified the core of the vulnerability: multiple calls to commitEth could be batched, and a single msg.value was reused across every commitment, allowing an attacker to bid in the auction for free.


“Combining batch with commitEth (a function on Miso Dutch Auction) creates a two-pronged issue where a user can both put up a commitment higher than ‘msg.value’ thereby draining any unsold tokens and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment,” SushiSwap’s team wrote in the post.


“The bug was created when a convenience function for wallet addresses interacted with the refund mechanism of the auction contract,” explained Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” Townsend added.
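The accounting failure described above can be reproduced in a small model and caught with a solvency invariant. This is an added example, not Miso's contract code or anything from the original article: the `Auction` class, its fields, and the `guarded` option (one possible mitigation, not necessarily the fix that was deployed) are assumptions made for illustration.

```python
"""Toy model (constructed) of a payable batch helper that presents the
same msg.value to every batched commitEth call."""

class Auction:
    def __init__(self, max_commitment, balance=0, total=0):
        self.max_commitment = max_commitment  # cap on total commitments
        self.balance = balance                # ETH actually held by the contract
        self.total = total                    # sum of recorded commitments
        self.commitments = {}

    def commit_eth(self, sender, msg_value):
        """Record a bid of msg_value; refund whatever exceeds the cap."""
        accepted = min(msg_value, self.max_commitment - self.total)
        self.commitments[sender] = self.commitments.get(sender, 0) + accepted
        self.total += accepted
        refund = msg_value - accepted
        self.balance -= refund                # refund is paid from contract funds
        return refund

    def batch(self, sender, msg_value, n_calls, guarded=False):
        """Run n_calls commit_eth calls in one transaction carrying msg_value."""
        if guarded and msg_value > 0 and n_calls > 1:
            raise ValueError("value-bearing batch limited to one call")
        self.balance += msg_value             # ETH arrives once per transaction
        # Each sub-call still observes the full msg_value of the outer call.
        return sum(self.commit_eth(sender, msg_value) for _ in range(n_calls))

    def solvent(self):
        """Invariant: ETH held must cover every recorded commitment."""
        return self.balance >= self.total

def over_commit_case(guarded=False):
    """Open auction: commitments recorded exceed the ETH received."""
    a = Auction(max_commitment=100)
    a.batch("bidder", msg_value=1, n_calls=5, guarded=guarded)
    return a.balance, a.total, a.solvent()

def refund_case():
    """Auction already at max commitment: every sub-call is refunded in full."""
    a = Auction(max_commitment=100, balance=100, total=100)
    refunded = a.batch("bidder", msg_value=1, n_calls=5)
    return refunded, a.balance, a.solvent()
```

Asserting `solvent()` after every state change, in a unit or property-based test, flags both prongs of the issue even though `commit_eth` and `batch` each look correct in isolation.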


The smart contracts that underpin DeFi are complex, combining “composable” Lego blocks to create new contracts and protocols. “This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behavior. There’s no catch-all advice to apply here like ‘check-effect-interaction,’ so you just need to be cognizant of what additional interactions new components are introducing,” Sun said.


CURATED BY

decebaldobrica

#engineering, #machinelearning and #crypto
