Sushiswap: Token Nullification And Reentry Attack Vulnerabilities - Tokenview blockchain Explorer
Sushiswap: Token Nullification And Reentry Attack Vulnerabilities - Tokenview blockchain Explorer
On August 28, 2020, the CertiK security research team discovered that Sushiswap smart contracts have two potential breakthroughs: token nullification and reentry attacks. This breakthrough resulted in a loss of USD 10,000 to USD 15,000.
Tokenview Blockchain explorer enables you to search the blockchain transaction.
Token withdrawal:
According to two functions, it can lead to null operation of tokens, setMigrator and migrate.
https://github.com/sushiswap/sushiswap/blob/master/contracts/MasterChef.sol
https://github.com/sushiswap/sushiswap/blob/master/contracts/MasterChef.sol
If the smart contract owner points the value of migrator to a smart contract containing malicious migrate method code through setMigrator, then the owner can perform any malicious operation he wants, and may even empty all the tokens in the account.
Reentry attack:
After executing the migrator.migrate(lpToken) line of code in line 142 in the above figure, the smart contract owner can use the reentrance vulnerability to re-execute the migrate method starting from line 136 or other smart contract methods to perform malicious operations.