White Hats Just Defused a Potential $350M Heist on SushiSwap - CoinDesk

The SushiSwap team and Paradigm’s Sun , in separate posts, both identified that, essentially, the vulnerability was centered around the ability to batch multiple calls to commitEth  and reuse a single msg.value  across every commitment, allowing an attacker to bid in the auction for free.

“Combining batch with commitEth (a function on Miso Dutch Auction) creates a two-pronged issue where a user can both put up a commitment higher than ‘msg.value ’ thereby draining any unsold tokens and additionally drain the raised funds on the contract as refunds if the auction has reached max commitment,” SushiSwap’s team wrote in the post.

“The bug was created when a convenience function for wallet addresses interacted with the refund mechanism of the auction contract,” explained Duncan Townsend, CTO at Immunefi, a bug bounty platform for DeFi that was also recruited to help solve the issue.

“Users could over-bid and get a refund of the difference between the current bid and the amount they submitted, but the refund could be repeated to drain the auction contract,” Townsend added.

The smart contracts that underpin DeFi are complex, combining “composable” Lego blocks to create new contracts and protocols. “This incident shows that even safe contract-level components can be mixed in a way that produces unsafe contract-level behavior. There’s no catch-all advice to apply here like ‘check-effect-interaction,’ so you just need to be cognizant of what additional interactions new components are introducing,” Sun said.