SushiSwap "mistaken transfer" incident: I wanted to save gas fees but lost $400,000



DeFi liquidity mining has become popular, and the veteran retail investors ("old leeks") who had been sitting on the sidelines could no longer hold back and jumped in one after another.

But you never know which will come first: an accident or sudden wealth.

The DeFi protocol SushiSwap has been in operation for just 3 days, and its total value locked (TVL) has already exceeded 700 million US dollars. SushiSwap's logic is very similar to Uniswap's: it also rewards users who provide liquidity, but the rules are a little different. On Uniswap, LPs (liquidity providers) earn the 0.3% fee reward only while they are providing liquidity; once an LP stops providing liquidity, the reward stops too. To encourage everyone to use SUSHI, the project team designed the SUSHI/ETH pool with a double reward. On this basis, the annualized rate is temporarily as high as 9500%.

However, mining the coins still requires users to carry out the operations themselves, and one "old leek" accidentally fell into a pit while playing DeFi.

On the second day after SushiSwap started liquidity mining, users mistakenly transferred coins.

On August 30, SushiSwap project official @Chef Nomi tweeted that a user had transferred 400,000 USDT to the address of the project's token smart contract (SUSHI). Moreover, the SushiSwap team stated that tokens transferred to the smart contract cannot be withdrawn.

An Odaily query found that the above 400,000 USDT was transferred from the Gate (Open Sesame) exchange in two transactions, only one hour apart.

Was the victim an intern coin miner at the Gate exchange? No, it was a Gate user.

On August 30, Gate officially responded right away that the transfer was caused by the user's own operating error.

Who is this user? Bihu user @冰砖 broke the news that he is Tuanzhang Wang, the founder of the crypto self-media outlet "Tuanzhang Wang Blockchain".

According to the screenshots posted by @冰砖, Tuanzhang Wang asked for help on social media, trying to reach Gate or SushiSwap officials and ask them to roll back the transaction or directly withdraw the tokens transferred by mistake.

But SushiSwap has made its position clear: a rollback is impossible, not in this lifetime, unless Tether shamelessly rolls it back.

Why can't the project team simply withdraw the coins and return them to the user?

The SlowMist security team told Odaily Planet Daily that, after analyzing the SushiSwap token contract, it found that the smart contract did not reserve a token withdrawal interface, so the tokens transferred by mistake are equivalent to having been sent to the zero address and are permanently locked on the blockchain.

"If the project party retains the highest withdrawal right, it can actually withdraw coins. But in order to decentralize, many projects have canceled the highest control right. Therefore, it is impossible to withdraw coins." BlockArk co-founder Mo Ke told Odaily Planet Daily.

If SushiSwap actually withdrew the tokens and returned them to users, it would be telling the world that there is a backdoor in the smart contract and that the project team can do whatever it wants, which would be a devastating blow to the project. After all, in the blockchain world, code is law.

Therefore, SushiSwap stated its position from the start: "I deeply regret that there is nothing I can do."
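The trade-off between a contract with no withdrawal interface and one that keeps a withdrawal right, as an added Solidity example. This is not SushiSwap's code; the contract and function names (`NoWithdrawal`, `WithRescue`, `rescue`, `strandedBalance`) are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all names here are hypothetical, not SushiSwap's.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

/// No code path in this contract calls transfer() on another token.
/// An ERC-20 transfer to this address only updates the balance mapping
/// inside the token being sent; none of this contract's code runs, so it
/// cannot refuse the deposit and can never move the balance afterwards.
contract NoWithdrawal {
    function strandedBalance(IERC20 token) external view returns (uint256) {
        return token.balanceOf(address(this)); // visible, but not movable
    }
}

/// The same contract with the withdrawal right retained by an owner.
/// Recovery becomes possible, and holders must now trust the owner key.
contract WithRescue {
    address public immutable owner;
    event Rescued(address indexed token, address indexed to, uint256 amount);

    constructor() { owner = msg.sender; }

    function rescue(address token, address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        // A call to an address without code succeeds silently, so check.
        require(token.code.length > 0, "not a contract");
        // Low-level call: USDT's transfer() returns no value, so a typed
        // call that expects a bool would revert when decoding the result.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature("transfer(address,uint256)", to, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
        emit Rescued(token, to, amount); // every use of the right is on-chain
    }
}
```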

In fact, in addition to the above-mentioned 400,000 USDT, the token contract also received transfers made by other users.

An Odaily Planet Daily query found that, since the project started, the token smart contract has received a total of 8 transfers, with a total of 400,000 USDT, 18,086 AMPL (worth about 30,000 US dollars), and 1,100 SUSHI.

It is worth noting that the sender of the AMPL is also Gate, and Tuanzhang Wang stated on his official account that he holds a heavy position of 200,000 yuan in AMPL. Therefore, there is a high probability that the person who lost this money is also him.

I believe that after reading this, most people will have a question: since the token smart contract cannot withdraw coins, why do so many idiots deposit coins into it?

The SlowMist security team revealed the answer: to save gas fees.

The standard operation for participating in liquidity mining is:

Withdraw coins from the exchange to the user's own wallet address (web wallet, etc.);

Open the liquidity mining project website, click on the corresponding mining pool, and call up the smart contract;

Authorize from the web wallet to transfer money to the project's smart contract.

The first and third steps of the above process are both on-chain transfers, which require the user to pay gas fees. Therefore, some "smart people" thought of skipping the first step and depositing coins directly from the exchange into the project's smart contract, which led to the scene at the beginning of the article.

Why can't I transfer money directly from the exchange?

The SlowMist security team stated that the normal operation process is to use personal wallets to operate on the official website, and the official will have an upper-level routing contract to perform specific operations required by users (exchange, liquidity provision, etc.); , the action will not be triggered. "Therefore, users are advised to use the official website to operate as much as possible if they are not familiar with the specific operation process, so as to avoid the loss of assets caused by mistakes."
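Why a plain transfer from an exchange never triggers the deposit action, as an added Solidity example. `StakingPool` is a hypothetical pool written for this illustration, not SushiSwap's contract, and it assumes a standard ERC-20 staking token whose `transfer` and `transferFrom` return `bool`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Hypothetical staking pool, written for this illustration only.
contract StakingPool {
    IERC20 public immutable lpToken;
    mapping(address => uint256) public staked; // the pool's own ledger
    uint256 public totalStaked;

    constructor(IERC20 _lpToken) { lpToken = _lpToken; }

    /// Step 3 of the standard flow: the user's wallet has already called
    /// lpToken.approve(pool, amount); the pool pulls the tokens and credits
    /// msg.sender. An exchange withdrawal never executes this function.
    function deposit(uint256 amount) external {
        require(lpToken.transferFrom(msg.sender, address(this), amount), "pull failed");
        staked[msg.sender] += amount;
        totalStaked += amount;
    }

    /// Only credited balances can leave; the subtraction reverts for an
    /// address that was never credited.
    function withdraw(uint256 amount) external {
        staked[msg.sender] -= amount;
        totalStaked -= amount;
        require(lpToken.transfer(msg.sender, amount), "push failed");
    }

    /// Tokens that arrived through a plain transfer(): held by the pool
    /// but credited to nobody, so no caller can withdraw them.
    function unaccounted() external view returns (uint256) {
        return lpToken.balanceOf(address(this)) - totalStaked;
    }
}
```

A non-zero `unaccounted()` is the on-chain signature of a deposit that bypassed `deposit()`.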

Finally, Odaily Planet Daily also wants to remind everyone who is interested in becoming a "farmer":

When participating in mining, prefer projects that have passed a code security audit. Representative security teams in China include SlowMist, Paidun, Chengdu Lianan, etc.;

Be sure to understand the mining process and key concepts such as public and private keys, and be able to make transfers from a web wallet proficiently;

When mining, do not transfer funds directly from the exchange into the project in order to save gas fees; otherwise the assets will be locked and cannot be retrieved;

Finally, some mining projects add wallet private key authorization to their code in order to take direct control of the user's hot wallet. Therefore, important assets should not be kept in web wallets.

Author | Qin Xiaofeng

Editor | Mandy

Produced | Odaily Planet Daily


