Developer finds major governance flaw in SushiSwap, but no threat to the project yet

September 7, 2020

SushiSwap appears to be prone to an elusive bug that could multiply a person’s governance power without their having to purchase new tokens.

Reported by developer Jong Seok Park on September 7th, the bug can be described as a governance double-spend.

Essentially, SushiSwap governance allows token holders to delegate their voting rights to another party. However, if that token holder transfers the tokens to someone else, the delegate still retains the voting power. The second token holder can now delegate the same tokens again, multiplying the delegate's power by the desired amount. The error is that transferring the tokens does not reset the delegation parameters. This is likely the result of combining the code bases of different projects.

SushiSwap’s governance contracts are largely a fork of Yam's governance, which is itself a fork of Compound. However, if you look at SushiSwap’s GitHub source code, it appears that the token’s smart contract only changed the “mint” function of OpenZeppelin’s standard implementation of ERC-20 contracts. Yam, on the other hand, used a specific implementation of the standard that has a “moveDelegates” function that is called on transfer.

In an interview with Cointelegraph, Sam Bankman-Fried, the CEO of FTX and now the head of SushiSwap, confirmed the existence of the bug. He noted that “it is not an immediate problem for sushi” as governance has not yet been activated.

As the bug was detected before going live, the team can work on solutions to fix it. Bankman-Fried believes that the problem should be solvable without having to migrate the project to new contracts, but the team is “continuing to investigate”.

It’s interesting to note that SushiSwap was hastily audited and reviewed by several companies as the project grew in popularity. Although one of the problems they reported concerns the same moveDelegates function that is in play here, it appears to be a different type of bug. It wouldn’t be the first time audits have overlooked some issues, underscoring the need for the entire developer community to contribute to protecting DeFi smart contracts.

SushiSwap itself is currently reeling from the fallout of its anonymous founder jumping ship with a “devfund” of SUSHI tokens worth $27 million at one point.

The purported Uniswap liquidity migration is still slated to proceed with new migration contracts, though Chef Nomi’s previous decision was reversed.

