On the evening of April 8, our real-time monitoring systems flagged an issue with SushiSwap’s Route Processor contract. Upon further investigation, our team determined the issue to be a critical vulnerability and created a proof-of-concept (POC) to demonstrate the problem to the SushiSwap team.
Our team contacted SushiSwap’s Head Chef, Jared Grey, to report the vulnerability. Grey promptly alerted the engineering team, and a joint War Room was established between SushiSwap and HYDN.
It became immediately clear that creating a fix, even a temporary one, was going to be challenging. This was due to the fact that:
In a similar situation to the recent Multichain Hack, the only real options were to go public and recommend all affected users remove pending approvals and / or perform a white-hat hack.
If that was not complicated enough, rescuing funds from the users holding would not be sufficient because users with infinite approvals may:
And all of these actions would lead to new funds being at risk.
This was not going to be a simple vulnerability to solve…
Both teams worked tirelessly together through the night to develop a temporary fix for the vulnerability and devise a strategy to save as many user funds as possible. SushiSwap disabled the affected frontend to stop more users placing their assets into the pools, but the contracts themselves remained live.
It became clear that the best route to saving user funds was to perform a white-hat rescue by draining the funds and then front-running any other attacks or user transactions. This decision was made based upon all of the available data and by taking into consideration previous attacks such as the Multichain Hack in which they informed users to remove approvals for six tokens, warning that they were in danger. In the Multichain scenario, this had the effect of both alerting users to remove approvals, but also alerting hackers to a vulnerability.
As the night progressed, SushiSwap requested that HYDN drain the funds before performing front-running to protect user funds from attackers.
In response, HYDN drained funds from the vulnerable users and deployed a cross-chain watcher contract to front-run transactions and protect both affected user assets and future deposits.
With the contract deployed and funds drained, HYDN was able to save over $600k worth of user funds across multiple chains.
The root cause of the vulnerability was an approval bug in a Sushi contract called RouteProcessor2, which was open to exploitation. Weak input validation allowed an attacker to inject an arbitrary contract and impersonate a V3Pool stealing assets from anyone who had approved the RouteProcessor2 contract.
Fortunately deployment of the smart contract had only happened recently, limiting the potential impact of the vulnerability, with only a few thousands unique addresses across 8 chains being affected.
The attack could begin when the vulnerable contract’s processRoute() method was invoked and a long argument was given by the attacker, causing the router to read the attacker-created contract.
Public entry point `route` parameter containing the arbitrary allowed uniV3Pool address.
Extract from RouteProcessor2.sol
The uniswapV3SwapCallback() method could then be called by the vulnerable contract’s internal swap() function to send tokens from the source account to the recipient’s address.
The Pool is read from external caller input. Extract from RouteProcessor2.sol
Since there was weak validation and no pool verifications performed before passing the user-provided pool parameter to the swap, it gave an attacker the ability to run the swap function and set their pool address as the LastCallPool variable address.
The attacker could then steal the tokens of other users who had previously approved the RouterProcessor2 contract by using the fraudulent pool’s uniswapV3SwapCallback function in its swap function to bypass the msg.sender check.
ERC20 `tokenIn` address and its `from` parameter are extracted from the expected byte data returned by the uniswapv3 callback. It expects the previously injected value to be returned back, but the attacker can manipulate it to inject any token address and any sender to trigger a transferFrom call.
Extract from RouteProcessor2.sol.
This vulnerability placed millions of dollars worth of user funds at risk.
Despite the rapid efforts of the SushiSwap and HYDN team, assets valued at $3m were taken. How did this happen? While the SushiSwap and HYDN teams were working on the solution another blockchain security expert attempted a white-hat hack for 100 ETH. Ultimately, their transaction was detected by MEV bots in the public mempool, which then quickly replicated the attack and stole over $3m within minutes.
Alongside this, there were also a number of Tweets about the vulnerability from accounts such as Peckshield which alerted even more bad actors to the potential for an attack.
This challenging situation underscores the complex nature of blockchain security, responsible disclosure, and white-hat hacking. HYDN believes the individual acted with the best intentions for both SushiSwap and its users. Unfortunately, on this occasion, it did not play out as the white-hat anticipated.
All rescued funds were deposited to HYDN’s labeled white-hat wallet: 0x74eb...ffee
At the time of writing HYDN has rescued over $600k of user assets and HYDN continues to protect SushiSwap users from attack and further losses.
Furthermore, SushiSwap has made significant progress in recovering the remaining lost funds. To date, SushiSwap has recovered an additional 885 ETH (Approx. $1.77m). Another half of 795 ETH (Approx. $1.59m) is presently under the custody of the LIDO community. To address this, Sushi posted a proposal to the LIDO DAO requesting the return of exploited funds disbursed to validator stakers.
SushiSwap is committed to making all users whole, and the very last remaining part of the stolen funds lost to black hat hackers will be covered and refunded by the Sushi treasury.
SushiSwap understands the gravity of this incident and the impact it may have had on their users and is therefore taking every possible step to resolve this issue. To this end, HYDN has worked with the SushiSwap team to deliver a solid claim process for affected users. At the time of writing the user claim forms are currently undergoing validation, and the Merkle claim contract is being audited.
This successful collaboration between HYDN and SushiSwap highlights the value of proactive security monitoring, effective communication, and collaboration in the blockchain ecosystem. By working together, both teams were able to significantly reduce the impact of the vulnerability, ultimately preserving $600k in user funds.
Above all else, this vulnerability has again highlighted the need for Real Time fraud prevention, not just detection; following IT Security and Service Delivery best practice, not Crypto practices which lag significantly behind.
Relying on monitoring and alerting, smart contract audits, bug bounties, non existent or inadequate SLAs is not enough to prevent or limit the impact of hacks and exploits.
In the last week alone we have seen:
HYDN Prevent’s real-time fraud prevention technology is designed to address the limitations of traditional blockchain security measures. By identifying and stopping potential attacks before they happen, HYDN Prevent provides unparalleled protection for Dapps.
HYDN offers a range of services to help secure your blockchain project, including:
Smart Contract Audits — HYDN have performed audits for the likes of Sablier, Swapsicle, Dancing Seahorse, Nau Finance, BlueZilla, Manu Campa, and more. Get a free quote.
Web3 Penetration Testing — HYDN provides industry leading Web3 pen testing services to identify potential exploits and vulnerabilities and ensure secure Web3 integration. Get a free quote.
Disaster Recovery Planning — A disaster recovery (DR) plan is a formal document created by HYDN that contains detailed instructions on how to respond to unplanned incidents such as attacks, outages, natural disasters, and any other disruptive events. The plan contains strategies to minimize the effects of a disaster, so an organization can continue to operate or quickly resume key operations.
Crisis Management — HYDN have a standby Crisis team to assist projects on-demand should they encounter extreme scenarios. This involves technical, auditors and analysts. A simple contact will get us engaged and working with your team immediately.
The Crisis Management team is led directly by the CEO and COO who have a combined experience of over 40 years in IT Service and Crisis Management at firms such as Cisco Talos, Alert Logic, and NYSE.
To enquire about any of our products or services, head over to our website, drop us an email, or chat with us on Telegram.
Email — firstname.lastname@example.org
Telegram — @HYDNSecurity
Twitter — @HYDNSecurity