As you may have seen, news broke last night that an approval contract on Sushiswap was exploited:
- https://nitter.net/peckshield/status/1644907207530774530
- https://www.coindesk.com/tech/2023/04/09/sushi-dex-approval-contract-exploited-for-33m/
- https://www.theblock.co/post/225473/sushiswap-hack
We've already had reports of users in the Telegram who had their Moons and potentially other funds stolen.
If you used Sushiswap recently please take a moment to revoke permissions in your MetaMask/wallet. On Arbitrum Nova you can review token approvals for your address here:
- https://nova.arbiscan.io/tokenapprovalchecker
- Sushi also has their own approval checker for the exploited contract here: https://www.sushi.com/swap/approvals
You can review token approvals across multiple chains and easily revoke using a tool like https://revoke.cash/
EDIT 2 pm ET: Update from Sushi CTO here with some important info: https://nitter.net/MatthewLilley/status/1645116270726053890
If you are a user and you have been affected, please check for the output address your funds have gone to. Our whitehat rescue address is 0x74Ebb8e8d0B0cc65F06040EB0f77B5DA0e33fFeE
If you have another address for where your funds went, then please contact us at security@sushi.com w/ the tx hash and chain you were on
There is no risk at this time with using Sushi Protocol, and the UI. All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do
Will update with any further developments and when post-mortem is released.
This sucks.
Granted, defi is intrinsically the epitome of “play stupid games, win stupid prizes.”
Put lamely, you win some, you lose some.
Wish all who are affected the best.
Thank you for this and I hope everybody’s moons are safe!
Problem is, when there is no one to hold liable, nothing stops a dev from hacking/stealing (directly, or indirectly by introducing a vulnerability and working with a third party) and claiming they've been hacked.
The more this stuff happens, the more of a bitcoin maxi I inch my soul closer to.
This is my first time seeing a warning flair on any post on r/cc… I did panic a little. Hopefully everyone is ok
So if Sushi’s tool says I’m safe should I revoke anyway? or just leave it?
https://revoke.cash/ is an option to review all permissions you’ve given from your wallet.
To avoid having to manually revoke every contract after you're done using it, set a custom spending limit when approving the contract.
On metamask you can press the Edit Permissions button: https://i.imgur.com/XM7fa86.png
Then set the custom limit to exactly how many coins you intend to use for this transaction: https://i.imgur.com/wG51nyn.png
Once the limit is set, you can approve the transaction: https://i.imgur.com/q44JXWu.png
After the transaction is done, the contract no longer has permission to spend any more tokens, so your wallet is not in any danger anymore.
Oh sh*t!!!!
Smart contracts, the future of finance!
Wouldn't it be more secure to always revoke after accepting any smart contract? The transaction is done, better safe than sorry. Maybe it will become standard to do, or am I wrong?
I took a look and it appears my LP position has disappeared. Is there a way to confirm this? I am not an expert blockchain investigator.
Thank you for pinning this.
ty for your service bud.. we need more like you..
Good looking out, important to get this out in one place.
Thank you for the news. I need to revoke it
And this is why crypto will not be adopted any time soon.
Where has the moons-eth pool gone? Sushi hiding it or something? What a mess.
Not how I wanted to spend my Easter
Not another hack. Jesus.
Well I’m away from my wallet so I guess I won’t know about my funds on sushi until I get back. Should be a fun surprise 😀
Why does this keep happening in ETH dapps? Is this a contract language limitation/vulnerability?
That is why I trust CZ and his Binance over these DEXs……..
WARNING! Your old liquidity is still there even if you can’t see it like you used to.
I had a mini heart attack after returning home from a 5 days trip and not seeing my shit. Turns out the contracts were updated and your liquidity is safe, unless you interacted in the past 4 days like this post says.
It’s in Legacy Positions tab, but I can’t open it for some reason. The website is shitting itself right now.
You should be able to remove the old liquidity from this link
For your own safety, go to official website etherscan(dot).io check “more” > “services” > “token approvals” and revoke any permissions for SushiSwap dapp
Thanks for this post :) Even though I am not involved. That's a great move of yours!
https://0xngmi.github.io/sushi-test-hack/
Here’s a tool someone built to quickly check if your address has approved this contract or not.
RIP liquidity providers. You don’t deserve this
Oh shit, thanks for this warning
Ugh…
Happy Easter. On Sushi it says my liquidity position is 0 and my staked position is 0. I am currently on the Unstake Liquidity box with the button to approve SLP, and balance shows 5.6. Are my funds safe? I tried to unstake but it's not really working. Any advice would be much appreciated.
Thanks for the heads-up.
Terrible. Sucks really
I hope that will help:)
Bro this is not a good look. We all know how fucked up defi is right now but this was too close to home for me personally, I will be cautious about providing liquidity for the foreseeable future.
Thank you! Gonna go revoke.
Thank you for the heads up OP! I went to check the LP this morning and wasn't sure why it wasn't loading, then I saw on Coin Market Cap that Moons were down 15%. Glad I revoked everything.
Keeping my liquidity in the pool as well. If you’ve revoked permissions you should be fine.
Thanks for the heads up!
someone was just telling me sushiswap would be super hard to get hacked. Smh.
Thanks for the update. I was afraid of connecting my wallet to check my LP
Sucks for any of the liquidity providers who got affected by this. Hopefully their moons are somehow retrieved and given back to the owners for the future moons sake.
Bought more moons this morning and then finally provided liquidity (funded mostly by ARB drop) before I knew this was going on. Still keeping liquidity in the pool though, revoked contracts though.
Incidentally not glad this happened, but as someone not as familiar with ETH side of the house I had some old stuff to revoke.
Dang, just like that.
I’m pro crypto, but contrast stuff like this with all the talk of replacing traditional banking. We need some fresh security and UX ideas regarding smart contracts.
“bE yOur owN BAnK!! 11!”
lmao the ceo (?) tweeting that it's such a good thing about its high user volume before realising that it's due to the exploit…
…… and I am locked out of MetaMask, cos not at home, and it wants the password instead of fingerprint……
Fun times 🙁
You should approve only what you need for each transaction on chains that are cheap. The extra half cent and couple of seconds it takes to approve each tx on Arb Nova is worth the peace of mind.
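The advice in this thread (set a custom spending limit instead of the default unlimited approval, revoke when done, and use an approval checker to see which addresses are still exposed) all comes down to how ERC-20 allowances behave. The following is an added example, not code from the thread, from Sushi or from any of the checker tools linked above: a small Python model of an ERC-20 token that replays three users' approvals to a spender contract and then measures what a compromised spender could pull from each of them. All addresses and balances are constructed placeholders; the "unlimited allowance is never decremented" rule mirrors OpenZeppelin's ERC-20 implementation, and the exposure scan is the check an approval checker performs, not any specific tool's code.

```python
# Added example (not code from the thread, Sushi, or any linked tool): a minimal
# model of ERC-20 allowances showing how much an approved spender contract can
# pull from each user, and how an exact approval or a revoke bounds that amount.
# Every address and balance below is a constructed placeholder.

UNLIMITED = 2**256 - 1            # "infinite" allowance most dapp UIs request by default
ROUTER = "0xROUTER_PLACEHOLDER"   # stands in for the exploited approval contract
POOL = "0xPOOL_PLACEHOLDER"       # where a legitimate router moves funds
ATTACKER = "0xATTACKER_PLACEHOLDER"


class ERC20:
    """Token state as the contract keeps it: balances plus allowance[owner][spender]."""

    def __init__(self, symbol):
        self.symbol = symbol
        self.balances = {}
        self.allowances = {}   # (owner, spender) -> amount still spendable
        self.events = []       # Approval(owner, spender, value) log, in order

    def mint(self, to, amount):
        self.balances[to] = self.balances.get(to, 0) + amount

    def approve(self, owner, spender, amount):
        # approve() overwrites the allowance rather than adding to it,
        # so approve(spender, 0) is how a wallet or revoke tool revokes.
        self.allowances[(owner, spender)] = amount
        self.events.append(("Approval", owner, spender, amount))

    def transfer_from(self, spender, owner, to, amount):
        allowance = self.allowances.get((owner, spender), 0)
        if allowance < amount or self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient allowance or balance")
        # OpenZeppelin-style: an unlimited allowance is never decremented,
        # so it stays fully live after the intended transaction is done.
        if allowance != UNLIMITED:
            self.allowances[(owner, spender)] = allowance - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def exposure(token, spender):
    """What an approval checker flags: each owner with a non-zero live allowance
    to `spender`, with the amount the spender can pull right now."""
    return {
        owner: min(amount, token.balances.get(owner, 0))
        for (owner, sp), amount in token.allowances.items()
        if sp == spender and amount > 0 and token.balances.get(owner, 0) > 0
    }


def worst_case_loss(token, spender, attacker):
    """Total a compromised spender contract could move to `attacker`."""
    total = 0
    for owner, amount in exposure(token, spender).items():
        token.transfer_from(spender, owner, attacker, amount)
        total += amount
    return total


def scenario():
    token = ERC20("MOON")  # constructed balances, not real holdings
    for user in ("0xALICE", "0xBOB", "0xCAROL"):
        token.mint(user, 1000)

    # Alice: default unlimited approval, used once, never revoked.
    token.approve("0xALICE", ROUTER, UNLIMITED)
    token.transfer_from(ROUTER, "0xALICE", POOL, 100)
    # Bob: custom spending limit equal to this one transaction's amount.
    token.approve("0xBOB", ROUTER, 100)
    token.transfer_from(ROUTER, "0xBOB", POOL, 100)
    # Carol: unlimited approval, but revoked (approve 0) right after use.
    token.approve("0xCAROL", ROUTER, UNLIMITED)
    token.transfer_from(ROUTER, "0xCAROL", POOL, 100)
    token.approve("0xCAROL", ROUTER, 0)

    at_risk = exposure(token, ROUTER)                    # only Alice is flagged
    lost = worst_case_loss(token, ROUTER, ATTACKER)      # her whole remaining balance
    return at_risk, lost, token.balances


if __name__ == "__main__":
    at_risk, lost, balances = scenario()
    print("flagged by the approval scan:", at_risk)
    print("worst-case loss via the compromised router:", lost)
    print("balances afterwards:", balances)
```

Running it shows the asymmetry the commenters describe: Bob and Carol each spent exactly 100 and are not flagged, while Alice's unlimited allowance is still live after her transaction, so everything she still holds is reachable through the router. The scan also shows why "my balance is 0 in the UI" and "I am still exposed" are separate questions: exposure depends on the live allowance and the current balance, not on what a front end displays.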