Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
As yield farmers race to reap fast returns from the next hot Uniswap clone, security researchers caution about the risks of unaudited smart contracts.
Blockchain security firm Quantstamp has published a security review of hyped DeFi protocol SushiSwap, identifying ten issues with the platform.Â
The good news is the issues with the Uniswap fork arenât likely to be fatal â unlike the critical bug that took out YFI clone YAM after 48 hours. The researchers identified two medium risk, three low risk, and five informational issues with the code.
Among the concerns identified were errors failing to prevent the same liquidity provider token from being added more than once â risking disruptions to reward variables; a vulnerability potentially allowing funds to be stolen from the platform should the ownerâs private key become compromised; and an issue that could result in the protocols âmassUpdatePoolsâ running out of gas.
While none of the issues found were âcritical enough to suggest redeployment of the existing contracts,â Quantstamp urged caution for the platformâs users.
Other researchers have pointed out additional concerns for SushiSwap users, with Cinneamhain Ventures partner Adam Cochran revealing yesterday that the protocolâs developer fund is holding $27 million worth of unlocked SUSHI tokens âthat could be dumped or used to dump against LP tokens.â
4/18While I want so badly to believe in the project because a community owned AMM would be great, if you have a $27M dev fund at the center of your anon project that you refuse to lock up and think is not a priority - that's a red flag.
â Adam Cochran (@AdamScochran) September 2, 2020
Responding to Cochranâs criticism, SushiSwapâs anonymous head âChef Nomiâ said that the $27 million worth of tokens had been designated for âdevshareâ:
In theory I can sell all of them, but I don't see anything wrong with it. It's the devshare and it's [been] specified in there since the beginning.
For his part Cochran said the risk reward ratio from SushiSwap was getting unbalanced and he was off to farm elsewhere.
Disclosure: Exiting the last of my $Sushi position. Founder still hasnât moved on locking funds & is now purposefully calling a âsecurity reviewâ a full audit. This pump opportunity puts fully diluted value at nearly $2b mcap. Too much risk here, & not much upside left. Iâm out.
â Adam Cochran (@AdamScochran) September 3, 2020
Despite being less than one week old, SushiSwap, has already lured more than $1.4 billion in locked funds from Uniswap with the promise of enormous returns for liquidity providers in a business model some have dubbed a âvampire attackâÂ
The protocolâs native token has gained more than 600% over the past few days and emerged as a top 70 crypto asset by capitalization boasting a 24-hour trade volume equal to more than 200% of its quarter-billion-dollar market cap.
There has been an explosion in food-themed DeFi Uniswap clones purporting to offer extreme rewards to yield farmers, with Kimchi and Hotdogswap quickly making waves in the DeFi markets over recent days.
Despite quickly capturing the imaginations of the yield farming community, Hotdogâs native token plummeted more than 99.9% from $4,000 to $1 over the course of five minutes just hours after the protocolâs launch today.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.