The code of the decentralized exchange SushiSwap, marketed as the “evolution of Uniswap,” contains ten vulnerabilities, but none are of critical severity, Quantstamp’s analysts concluded in their smart contract audit.
Two vulnerabilities are of moderate severity, three are of low severity, and the rest are informational. Experts did not recommend redeploying the protocol.
One of the two vulnerabilities warranting close scrutiny relates to the ability to re-add a liquidity provider (LP) token. In this case, reward variables are reset to zero.
The second vulnerability points to a risk of misappropriating funds, which increases if the owner’s private key is compromised. In the worst case, all LP tokens could be transferred to an arbitrary address. But this would occur only after two days, giving enough time to avert such a scenario.
Among the lower-risk issues is the possibility that massUpdatePools runs out of gas when a large number of tokens has been added.
Cinneamhain Ventures partner Adam Cochran is confident that the administrator of the SushiSwap platform at any moment could dump $27 million of native SUSHI tokens held in his wallet.
Citing the project’s Discord, Cointelegraph noted that “Chef Nomi”, the SushiSwap administrator, stated that the aforementioned amount represents his share, which was planned from the outset.
“Theoretically I could sell them all, but I don’t see anything wrong with that. Not that I’m hiding it or anything like that. I will also spend them on two audits and grants,” reassured the “Chef”.
As of writing, the value of assets locked in SushiSwap had approached $1.5 billion, five days after the DeFi project began operations, according to Zippo.io.
Nearly three-quarters of the $1.83 billion locked on Uniswap are in the pool containing the coins of its fork SushiSwap.
The price of the project’s native token SUSHI has surged sixfold in recent days and reached the current level of $7.42.
The success of the SushiSwap fork led to clones such as yuno.finance, Hotdogswap, pizzafinance and Kimchi.
“Chef Nomi” urged people not to draw any parallels between these clones and his platform.
“I am not here to build some silly farming game. Profitable farming is only a means for fair distribution. If you want to gamble, perhaps you should prefer other spreading clones,” explained the SushiSwap administrator.
Earlier, amid the SushiSwap hype, Uniswap overtook Aave and Maker and rose to the lead among DeFi projects.
