Sushiswap: Token Nullification And Reentry Attack Vulnerabilities - Tokenview blockchain Explorer
On August 28, 2020, the CertiK security research team discovered that Sushiswap smart contracts have two potential breakthroughs: token nullification and reentry attacks. This breakthrough resulted in a loss of USD 10,000 to USD 15,000.
Tokenview Blockchain explorer enables you to search the blockchain transaction.
According to two functions, it can lead to null operation of tokens, setMigrator and migrate.
If the smart contract owner points the value of migrator to a smart contract containing malicious migrate method code through setMigrator, then the owner can perform any malicious operation he wants, and may even empty all the tokens in the account.
After executing the migrator.migrate(lpToken) line of code in line 142 in the above figure, the smart contract owner can use the reentrance vulnerability to re-execute the migrate method starting from line 136 or other smart contract methods to perform malicious operations.