A SushiSwap developer has dismissed a self-professed white-hat hacker's claims of a significant security risk to SushiSwap liquidity providers.
After a white-hat hacker began prying into the contract of decentralised exchange SushiSwap, one of the team members denied the claimed vulnerability.
Media sources state that the hacker claims to have found a security weakness that could put over $1 billion of user money at risk, and that they chose to make the discovery public after contacting SushiSwap’s engineers for assistance but receiving no response.
According to the claim, the two “masterchef” programmes in the two-pronged incentive programme of cryptocurrency mining and trading platform SushiSwap, along with the pools on SushiSwap’s non-Ethereum deployments such as Polygon, Binance Smart Chain, and Avalanche, have apparently been shown to be susceptible to hacking.
The hacker claims that the emergency withdrawal feature fails unless rewards are present in the SushiSwap pool. When the pool holds no rewards, liquidity providers must wait about 10 hours for it to be refilled before they can get their tokens.
The hacker said, “Refilling the rewards account may take 10 hours for all signature holders to agree, and certain reward pools remain empty many times each month.”
However, the “Shadowy Super Coder” Mudit Gupta has taken to Twitter to dismiss the allegations, claiming that the supposed security threat is inaccurate and that no money is at risk.
Countering the hacker’s assertion that it takes 10 hours to refill the rewards pool, Gupta explained that in an emergency “anyone” can contribute to the rewarder by means of a simple one-sign multi-sig transaction.
The hacker claimed that, after learning of the vulnerability, they were instructed to submit it on the bug bounty site Immunefi, where SushiSwap is offering rewards of up to $40,000 to users who discover potential problems in its code.
In addition, they said that the problem was resolved on Immunefi without compensation. They also mentioned that SushiSwap had been made aware of the situation described.