Developer finds another vulnerability in SushiSwap protocol

A vulnerability in the governance of the DeFi platform SushiSwap has been discovered that preserves the voting right for token holders even after transfer. Developer Chong Sok Park wrote about the double-spending bug in his blog.

The governance mechanism of SushiSwap allows token holders to transfer voting power. Transferring assets from a wallet should reset the delegation parameters, but due to the bug the user retains the governance power.

As explained by Park, the double-spending bug allows a user to extend voting power through delegation transactions. The developer sees a fix in adding the code “moveDelegates” to the SushiSwap smart contract when transferring tokens.

In a comment to Cointelegraph, the CEO of FTX, Sam Bankman-Fried confirmed the existence of the vulnerability. According to him, it does not pose a real threat to SushiSwap — the governance mechanism has not yet been activated.

Earlier, experts found ten vulnerabilities in SushiSwap. One of them allows re-adding a liquidity provider token, while another could lead to transferring funds to any address.

Earlier, the anonymous creator of SushiSwap “Chef Nomi” sold half of the funds from the platform’s development fund. This spurred the SUSHI price from $11 to $2.35.

As of writing, the asset is trading at around $2.70.

Subscribe to ForkLog news on Telegram: ForkLog FEED — the full feed of news, ForkLog — the most important news and polls.