SushiSwap Hit By Exploit
🔎 The Deets
The exploit involves an approve-related bug on the RouterProcessor2 contract. By approving the bad contract, users unknowingly allow the exploiter to steal their tokens through the "yoink" function, which was used by the first attacker. Reports indicate that only those who interacted with SushiSwap within the last four days are potentially at risk. DeFi Llama's @0xngmi has published a list of contracts across all chains that should be revoked and built a tool to check if any of your addresses have been impacted.
SushiSwap Head Chef Jared Grey has tweeted that they are working with security teams to mitigate the issue.
If you have interacted with SushiSwap in the last four days, check your addresses against the above information to see if you have been impacted. Revoking the RouterProcessor2 contract on all chains is recommended to prevent further potential attacks.
🎤 Community Quotes
Good morning. Woke up. Heard about the SushiSwap hack. Panicked. Happy Easter@LukasNerdwelten