Quantstamp Releases a Security Audit of SushiSwap, Finds 10 Flaws

Ritika Sharma
  • Quantstamp has released the security review for the brand new yield farming protocol SushiSwap.
  • The audit company has found ten security flaws with the SushiSwap code. 

Quantstamp recently released its security review of the brand new yield farming protocol SushiSwap, which has been in the DeFi headlines for quite some time now. The audit company found ten security flaws in the SushiSwap code.

Uniswap Hard Fork Reaches $1.4 TVL

SushiSwap is a hard fork of the Uniswap cryptocurrency exchange with some added features, or what its developers refer to as ‘tokenomics’. First, almost 90% of Sushi tokens are distributed to the liquidity providers, and the remaining 10% is set aside for the developers of the protocol. Moreover, Uniswap LP token holders are free to stake their tokens in exchange for Sushi rewards. The protocol was launched only on 26th August and has almost reached $1.4 TVL. The platform ensures huge returns for liquidity providers.

Most of the flaws were ranked from low to medium in severity. Two of them were medium and the remaining three were medium. This is because most of the issues associated with the Uniswap fork aren’t that dangerous, unlike the one that happened with YFI’s clone, YAM.

The Flaws that Were Listed by Quantstamp

  • If a token is added more than once, the rewards variable related to that token is reset.
  • The migrator can be set to any contract, which increases the risk of fund theft, specifically if the private keys of the user are hacked.
  • 9% of the total Sushi supply is set aside for development and iteration procedures, including the security audits. However, the documents promised that 10% would be kept aside for such purposes.
  • The _moveDelegated function may not work correctly after a token transfer is done.
  • The massUpdatePools() function may run out of gas if too many tokens are added.
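Two of the findings above, the repeated token add and the massUpdatePools() gas limit, shown in a simplified Python model. This is an added example, not SushiSwap's or Quantstamp's code; the PoolRegistry class, the token names and the gas figures are constructed assumptions.

```python
# Simplified model (constructed for illustration): names, layout and gas
# numbers are assumptions, not SushiSwap's contract code.
class DuplicatePool(Exception): ...
class OutOfGas(Exception): ...

class PoolRegistry:
    GAS_PER_POOL = 30_000  # assumed cost of updating one pool

    def __init__(self, guard_duplicates):
        self.guard_duplicates = guard_duplicates
        self.pools = {}  # LP token -> accrued reward per share

    def add(self, lp_token):
        if self.guard_duplicates and lp_token in self.pools:
            raise DuplicatePool(lp_token)
        # Without the guard, a second add overwrites the accrued value.
        self.pools[lp_token] = 0

    def accrue(self, lp_token, amount):
        self.pools[lp_token] += amount

    def mass_update(self, gas_limit):
        """Update every pool in one call; cost grows with the pool count."""
        gas = len(self.pools) * self.GAS_PER_POOL
        if gas > gas_limit:
            raise OutOfGas(f"{gas} gas needed, limit is {gas_limit}")
        return gas

def accrued_after_readd(guard_duplicates):
    """Accrue rewards, add the same token again, return what is left."""
    reg = PoolRegistry(guard_duplicates)
    reg.add("LP-A")            # constructed token name
    reg.accrue("LP-A", 500)
    try:
        reg.add("LP-A")
    except DuplicatePool:
        pass                   # guarded registry rejects the second add
    return reg.pools["LP-A"]

def mass_update_succeeds(pool_count, gas_limit=12_000_000):
    """True if updating pool_count pools fits in the assumed gas limit."""
    reg = PoolRegistry(guard_duplicates=True)
    for i in range(pool_count):
        reg.add(f"LP-{i}")
    try:
        reg.mass_update(gas_limit)
    except OutOfGas:
        return False
    return True
```

In this model the unguarded registry loses the accrued rewards on the second add, and the single-call update stops fitting once the pool count passes the assumed limit, which is why a duplicate check and a bounded or per-pool update are the usual mitigations.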

SushiSwap’s Risk-Reward Ratio Unbalanced, Some People Back Out 

Apart from the five security flaws, Quantstamp has also provided the necessary recommendations for each of its findings. There were also five additional informational findings.

Previously, many people expressed their concern regarding the unaudited and risky nature of SushiSwap. Adam Cochran, a partner at Cinneamhain Ventures, has revealed that he will be exiting his last position in SushiSwap. This was because the risk and reward ratio was becoming totally out of bounds. He added that the founder has not yet moved the locked funds but is calling the security review a full audit.
