A smart contract bug on the SushiSwap decentralized finance (DeFi) protocol resulted in losses of over $3 million on April 9, affecting only those who traded on the decentralized exchange in the last four days, according to security reports on Twitter. Blockchain security firms Peckshield and CertiK Alert discovered an issue in the approval function of Sushi’s Router Processor 2 contract, which aggregates trade liquidity from different sources to identify the most favorable price for swapping coins.
SushiSwap head developer Jared Grey urged users to revoke all contract permissions, while a GitHub list was created to address the problem. Through a security process conducted by ethical hackers, Grey announced on Twitter that a significant portion of the impacted funds had been retrieved.