Risk and Danger, but the Project Is Safe

Colin Baseman

Developers sometimes find serious issues in the systems they work with. Major governance bugs are rather frequent, and they carry too much risk and danger if technologists do not take care of the matter in due time. Such problems need to be resolved as soon as possible, and all specialists agree with this opinion.

However, it is not always easy to detect such bugs and eliminate an issue that can ruin the entire network or make it less efficient and prone to other errors. SushiSwap’s team has recently confirmed that the specialists managed to find a bug. Luckily, they identified it and say that it carries no serious threat to the project.

Crypto analysts who have been studying this matter state that the bug is massive, and yet it cannot be exploited simply because pool migration has been set to continue.

Professionals mention that the company appears to be comparatively sensitive and vulnerable to a bug: as a matter of fact, the issue can multiply someone’s governance power. More than that, the bug can do it without the need to acquire any new tokens. Developers reported the issue and started researching it.

After studying it, they announced that the bug is similar to a governance double-spend. The firm’s governance allows all token holders to delegate their voting power, that is, to give it over to another entity. Nevertheless, if the holder decides to transfer his assets to another person, the first representative still remains the one holding the delegated governance power.


Next, the second token holder has the right to delegate the tokens one more time, and this is how he multiplies the delegatee’s power as many times as he wishes. Professionals say that the bug won’t let the token transfer happen and the system cannot reset delegation parameters. Experts think that it might be the result of aggregating codebases received from different projects.

How It All Functions and Works

There are lots of forks and the entire system involves Compound, Yam, and SushiSwap. If you look at the source code on GitHub, you will see that the token’s smart contract modified just the ‘mint’ function. Many specialists pay attention to ERC-20 contracts and their standard implementation offered by OpenZeppelin. Furthermore, Yam’s developers found it useful to employ a special implementation of the standard: they needed it since it has a function known as ‘moveDelegates’ that is called when a transfer occurs.
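The governance double-spend described above, and the role of calling ‘moveDelegates’ on transfer, can be checked with a small accounting model. This is an added example, not code from SushiSwap, Yam, Compound or OpenZeppelin; the class, the method names, the holders (alice, bob, carol) and the amounts are constructed for illustration. It runs the same sequence against a token that skips the delegate update on transfer and one that performs it, and tests the invariant an auditor would assert: total voting power equals the balances of holders who have delegated.

```python
from collections import defaultdict

class GovToken:
    """Simplified model of a delegating governance token (constructed, not real contract code)."""
    def __init__(self, move_on_transfer):
        self.move_on_transfer = move_on_transfer  # True = hardened variant
        self.balance = defaultdict(int)
        self.delegate_of = {}           # holder -> delegatee
        self.votes = defaultdict(int)   # delegatee -> voting power

    def _move_delegates(self, src, dst, amount):
        # Shift `amount` of voting power from delegatee src to delegatee dst.
        if src == dst or amount == 0:
            return
        if src is not None:
            self.votes[src] -= amount
        if dst is not None:
            self.votes[dst] += amount

    def mint(self, to, amount):
        self.balance[to] += amount
        self._move_delegates(None, self.delegate_of.get(to), amount)

    def delegate(self, holder, delegatee):
        old = self.delegate_of.get(holder)
        self.delegate_of[holder] = delegatee
        self._move_delegates(old, delegatee, self.balance[holder])

    def transfer(self, sender, recipient, amount):
        if self.balance[sender] < amount:
            raise ValueError("insufficient balance")
        self.balance[sender] -= amount
        self.balance[recipient] += amount
        if self.move_on_transfer:  # the step the flawed token omits
            self._move_delegates(self.delegate_of.get(sender),
                                 self.delegate_of.get(recipient), amount)

    def invariant_holds(self):
        # Voting power must be fully backed by balances of delegating holders.
        backed = sum(b for h, b in self.balance.items() if self.delegate_of.get(h))
        return sum(self.votes.values()) == backed

def run_scenario(move_on_transfer):
    t = GovToken(move_on_transfer)
    t.mint("alice", 100)
    t.delegate("alice", "carol")
    t.transfer("alice", "bob", 100)   # same 100 tokens change hands
    t.delegate("bob", "carol")
    return t.votes["carol"], t.invariant_holds()
```

Running the invariant check after every state-changing call in a test suite flags the missing update at the first transfer, before any vote is counted.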

Executives admit that the bug exists and they must resolve the issue as soon as possible. They noted that the bug might not pose an urgent problem for the brand since the system hasn’t yet activated governance. Catching the bug is one thing, but now the team has to work on solutions and find the right ways to fix it. Experts believe that the problem can be fixed and there is no immediate need to migrate the entire project to new contracts. At the same time, the technologists are still looking into this option.

It’s essential to note that the company was audited and then reviewed. The process involved several teams. Even though one of the main problems involves the same function, it seems to be a different kind of bug. Audits have failed several times earlier and this means that the development sector has to get together and find the most efficient ways to keep DeFi smart contracts safe and secure.