Yield farming aggregator and DeFi clone Dracula Protocol has released details on a smart contract bug in rival DeFi protocol SushiSwap.
The protocol was started in protest at SushiSwap which it claims was an unfair launch resulting in ‘vicious dumping’ on ordinary retail investors which eventually led to a massive price crash.
“When Sushi entered the market, centralized exchanges and major corporations listed and supported the project, despite its lack of ingenuity or novel ideas.”
Dracula Protocol aimed to combat this type of behavior by ‘exploiting and punishing whale-baked farms’ with a second-layer ‘vampire’ concept according to an introductory blog post. Essentially, this is pretty much what SushiSwap did to Uniswap back in late August.
Dracula has released another update today, details smart contract flaws that could be replicated every time the protocol is cloned.
Dodgy Smart Contracts Everywhere
Dracula Protocol has its own yield farming pools and unaudited smart contracts but that didn’t stop it from going on the attack against SushiSwap. It stated that the team wanted to expose a vulnerability and potential backdoor that was left by mistake, and forked multiple times in different projects.
“As far as we know, this issue is implemented in every Sushiswap clone.”
Essentially the MasterChef contract code has a number of functions for updating the pools and minting rewards which can be called repetitively depending on liquidity. The incongruities in these functions can cause some rewards to be burnt while others receive more than they should according to the post.
It added that malicious actors could exploit this vulnerability to mint more than the allocated amount of SUSHI per block. It then claimed that the auditors missed the code flaw. Peckshield audited SushiSwap’s smart contracts while Quantstamp carried out a security review.
“We believe that the severity of this finding is at least on a high level. The fact that it was overlooked by auditors raises some questions about the role of audit in DeFi.”
Dracula Protocol suggested a code fix which it said was ‘pretty simple’.
SUSHI Prices Down 94%
Whether the accusation is justified or not is debatable, but one thing that cannot be refuted is the crash and burn of SUSHI token prices.
SUSHI is down yet again today shedding more value to trade at $0.68. Since its massive pump in early September, just after the yield farms were launched, SUSHI has collapsed around 94% to today’s levels.