A smart contract bug in the popular decentralized exchange SushiSwap has led to the theft of about $3.3 million in Ethereum (ETH).
According to the crypto analytics firm PeckShield, the bug is connected to the contract approval process and is related to an update that was implemented a few weeks ago.
The bug led to the theft of about 1,800 ETH from a well-known crypto trader who goes by the name Sifu.
SushiSwap says all hands are on deck to recover funds, if possible.
The team has provided a link that traders can use to check their accounts and revoke any permissions if necessary.
SushiSwap CTO Matthew Lilley says the exchange is currently up and running and bug free.
“There is no risk at this time with using Sushi Protocol, and the UI. All exposure to RouterProcessor2 has been removed from the front end, and all LPing / current swap activity is safe to do.
We do ask that all users double-check their approvals, and if an address within this list below has an allowance for any of your tokens to please unapprove as soon as you can.”