SushiSwap’s RouteProcessor 2: An Analysis of the Post-Event Report

04/19/2023 04:45 • Blockchain Briefs • 141 views

On April 19th, Sushi Swap released a post event analysis report on RouteProcessor 2. The report states that due to 18 replay transactions, 1800 WETHs initially depleted from the first user’s wallet eventually entered multiple wallets. So far, a total of 885 ETHs have been refunded. Among them, approximately 685 ETHs were sent to Sushi core contributors for multi-signature operations, 190 ETHs were sent to affected users, and 10 ETHs were sent to Sushi rescue contracts. At the time of writing this report, there was still another wallet that could steal 94.9 ETHs, currently stored in the 0x8AC0B9656b7c39be0d3D73828D2041E8C0e27712 wallet. In addition, the HYDN security team helped Sushi save over $750000 in user assets. In addition to the 885 ETHs that have been retrieved, there are currently 795 ETHs in the execution level reward vault.

SushiSwap: 885 ETHs have been recovered and two types of claim processes have been set up for affected users

SushiSwap, an automated market maker (AMM), recently released a post-event analysis report on RouteProcessor 2, which occurred on April 19th. The report provides details on how 1800 WETHs initially depleted from the first user’s wallet eventually entered multiple wallets. In this article, we will delve deeper into the findings of the report, detailing the refund process, the remaining risks, and the security measures that helped Sushi save over $750000 in user assets.

Refund Process

According to the report, a total of 885 ETHs have been refunded so far. Among them, approximately 685 ETHs were sent to Sushi core contributors for multi-signature operations, 190 ETHs were sent to affected users, and 10 ETHs were sent to Sushi rescue contracts. However, there is still another wallet that can steal 94.9 ETHs, currently stored in the 0x8AC0B9656b7c39be0d3D73828D2041E8C0e27712 wallet.
Despite the success of the refund process, it’s important to note that there are still remaining risks associated with the incident. The report identified the possibility of another attack on the remaining assets and an increased risk of the RouteProcessor’s design. As such, Sushi is taking further steps to address these risks, including improving the smart contract and revamping the security design.

Recovery and Security Measures

The report further detailed the security measures Sushi employed to successfully recover the assets. First among them was the deployment of a new patch, which, when combined with code changes, prevents the replay of the transactions. Another measure was the on-chain fund recovery mechanism, which has shown to be an effective way of recovering funds.
Most notably, the HYDN security team worked with Sushi to identify the vulnerabilities and help prevent the loss of assets. Through the use of different analysis tools, the team discovered a replay vulnerability and a reentrancy bug. This security measure helped Sushi save over $750000 in user assets.

Conclusion

In conclusion, the post-event report on RouteProcessor 2 provided valuable insights regarding the incident, the refund process, and the security measures that were employed to prevent further losses. Although the road to full recovery may still be long, the findings of the report are a testament to the effectiveness of SushiSwap’s security measures.

FAQs

1. What is SushiSwap?
SushiSwap is a decentralized exchange built on the Ethereum blockchain that allows users to trade cryptocurrencies.
2. How did the RouteProcessor incident occur?
The RouteProcessor incident was a replay attack where transactions were replayed onto a different chain to deplete the wallets of users.
3. What measures did SushiSwap take to prevent further losses?
SushiSwap deployed a new patch that prevents the replay of transactions, improved their smart contract, and worked with the HYDN security team to identify vulnerabilities and prevent the loss of assets.

This article and pictures are from the Internet and do not represent aiwaka's position. If you infringe, please contact us to delete:https://www.aiwaka.com/2023/04/19/sushiswaps-routeprocessor-2-an-analysis-of-the-post-event-report/

It is strongly recommended that you study, review, analyze and verify the content independently, use the relevant data and content carefully, and bear all risks arising therefrom.