- Quantstamp has released its security review of the brand new yield farming protocol SushiSwap.
- The audit company found ten security flaws in the SushiSwap code.
Quantstamp recently released its security review of the brand new yield farming protocol SushiSwap, which has been a headline in DeFi news for quite some time now. The audit company found ten security flaws in the SushiSwap code.
Uniswap Hard Fork Reaches $1.4 TVL
SushiSwap is a hard fork of the Uniswap cryptocurrency exchange with some added features, which its developers refer to as ‘tokenomics’. First, almost 90% of Sushi tokens are distributed to the liquidity providers, and the remaining 10% is set aside for the developers of the protocol. Moreover, Uniswap LP token holders are free to stake their tokens in exchange for Sushi rewards. The protocol was launched only on 26th August and has almost reached $1.4 TVL. The platform ensures huge returns for liquidity providers.
Most of the flaws were ranked from low to medium in severity. Two of them were medium and the remaining three were medium. This is because most of the issues associated with the Uniswap fork aren’t that dangerous, unlike the one that affected YFI’s clone, YAM.
The Flaws that Were Listed by Quantstamp
If a token is added more than once, the rewards variable associated with that token is reset. Next, the migrator can be set to any contract, which increases the risk of fund theft, specifically if the private keys of the user are compromised. The investigation also revealed that 9% of the total Sushi supply is set aside for development and iteration procedures, including security audits, whereas the documents promised that 10% would be kept aside for such purposes. The _moveDelegates function may not work correctly after a token transfer is done. And lastly, the massUpdatePools() function may run out of gas if too many tokens are added.
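The first and last findings above can be reproduced in a small model. The Python below is an example added here, not code from SushiSwap or from the Quantstamp report: it shows a registry that loses accrued rewards when the same token is added twice, the duplicate check that prevents it, and a ranged pool update that stays within the gas limit. The class and function names, the reset-to-zero mechanism and both gas figures are assumptions made for the illustration.

```python
# Toy model of a reward-pool registry. Constructed for illustration; this is
# not SushiSwap's Solidity, and both gas figures below are assumed values.
GAS_PER_POOL_UPDATE = 50_000
BLOCK_GAS_LIMIT = 12_500_000


class OutOfGas(Exception):
    pass


class PoolRegistry:
    def __init__(self, reject_duplicates):
        self.reject_duplicates = reject_duplicates
        self.acc_reward = {}  # LP token -> accumulated reward per share

    def add(self, lp_token):
        if self.reject_duplicates and lp_token in self.acc_reward:
            raise ValueError(f"{lp_token} is already registered")
        # Without the guard, a second add() overwrites the accumulator.
        self.acc_reward[lp_token] = 0

    def accrue(self, lp_token, amount):
        self.acc_reward[lp_token] += amount

    def update_pools(self, start=0, end=None):
        """Return the gas spent updating pools[start:end], or raise OutOfGas."""
        gas = len(list(self.acc_reward)[start:end]) * GAS_PER_POOL_UPDATE
        if gas > BLOCK_GAS_LIMIT:
            raise OutOfGas(f"{gas} gas exceeds the block limit")
        return gas


def reward_after_second_add(reject_duplicates):
    """Accrue 7 units, try to add the same token again, return what is left."""
    reg = PoolRegistry(reject_duplicates)
    reg.add("LP-A")
    reg.accrue("LP-A", 7)
    try:
        reg.add("LP-A")
    except ValueError:
        pass  # the guarded registry refuses the duplicate
    return reg.acc_reward["LP-A"]


def registry_with(n_pools):
    reg = PoolRegistry(reject_duplicates=True)
    for i in range(n_pools):
        reg.add(f"LP-{i}")
    return reg
```

With these assumed figures a single update over 300 pools exceeds the limit, while two ranged calls of 150 pools each complete.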
SushiSwap’s Risk-Reward Ratio Unbalanced, Some People Back Out
Apart from the five security flaws, there were five additional informational findings. Quantstamp has also provided the necessary recommendations for each of its findings.
Previously, many people had expressed concern about the unaudited and risky nature of SushiSwap. Adam Cochran, a partner at Cinneamhain Ventures, revealed that he would be exiting his last position in SushiSwap because the risk and reward ratio was becoming totally out of bounds. He added that the founder has not yet moved the locked funds but is calling the security review a full audit.