Hack Explained - Super Sushi Samurai
Super Sushi Samurai (SSS) is a GameFi project built on Base, Coinbase's Ethereum layer-2, with gameplay delivered through the Telegram messaging app. The project suffered a loss of roughly $4.8 million to a critical exploit, and its token fell by about 99.9% as a result. The root cause was a flaw in the token's smart contract that let an attacker inflate their own balance: a transfer to oneself was credited without the matching debit taking effect, so the same tokens were effectively spent and kept at once.
Behind the Breach
The exploit targeted the SSS token contract's internal _update() function, the routine that moves balances on every transfer. The function read the sender's and recipient's balances before writing either one back. When sender and recipient are the same address, the credit to the recipient is written after the debit to the sender and overwrites it, so a self-transfer of the entire balance leaves the account holding twice what it started with. The attacker repeated this self-transfer, doubling the balance on each call until the position was large enough, then sold into the token's liquidity for 1,310 ETH, worth approximately $4.8 million at the time. The defect, in short, was that the contract did not correctly update balances when the sender and recipient of a transfer were the same account.
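The pattern described above, shown as an added illustration rather than the SSS contract's own code: a minimal token whose _update() caches both balances before writing them, the corrected version that debits storage before crediting, and a small harness that performs the self-transfer loop. Contract and function names are hypothetical; the initial supply of 1,000 is a constructed value.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example, not the SSS contract: a token whose _update() reads both
/// balances into locals before writing them back. A self-transfer of the
/// full balance doubles it because the credit overwrites the debit.
contract VulnerableToken {
    mapping(address => uint256) private _balances;

    constructor(uint256 initialSupply) {
        _balances[msg.sender] = initialSupply;
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _update(msg.sender, to, amount);
        return true;
    }

    // BUG: when from == to, `toBalance` still holds the pre-debit value, so
    // the second store replaces (fromBalance - amount) with (toBalance + amount).
    function _update(address from, address to, uint256 amount) internal {
        uint256 fromBalance = _balances[from];
        uint256 toBalance = _balances[to];
        require(fromBalance >= amount, "insufficient balance");
        _balances[from] = fromBalance - amount;
        _balances[to] = toBalance + amount;
    }
}

/// Corrected variant: the debit is committed to storage first and the credit
/// reads storage afterwards, so a self-transfer is a no-op as it should be.
contract FixedToken {
    mapping(address => uint256) private _balances;

    constructor(uint256 initialSupply) {
        _balances[msg.sender] = initialSupply;
    }

    function balanceOf(address account) external view returns (uint256) {
        return _balances[account];
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _update(msg.sender, to, amount);
        return true;
    }

    function _update(address from, address to, uint256 amount) internal {
        uint256 fromBalance = _balances[from];
        require(fromBalance >= amount, "insufficient balance");
        _balances[from] = fromBalance - amount; // debit lands in storage first
        _balances[to] += amount;                // credit reads the debited value when to == from
    }
}

/// Harness that reproduces the doubling loop against each token.
/// For the vulnerable token, `endBal` is startBal * 2**rounds; for the
/// fixed token it equals startBal.
contract SelfTransferDemo {
    function runVulnerable(uint256 rounds) external returns (uint256 startBal, uint256 endBal) {
        VulnerableToken t = new VulnerableToken(1_000); // constructed supply
        startBal = t.balanceOf(address(this));
        for (uint256 i = 0; i < rounds; i++) {
            t.transfer(address(this), t.balanceOf(address(this)));
        }
        endBal = t.balanceOf(address(this));
    }

    function runFixed(uint256 rounds) external returns (uint256 startBal, uint256 endBal) {
        FixedToken t = new FixedToken(1_000); // constructed supply
        startBal = t.balanceOf(address(this));
        for (uint256 i = 0; i < rounds; i++) {
            t.transfer(address(this), t.balanceOf(address(this)));
        }
        endBal = t.balanceOf(address(this));
    }
}
```

The audit check this suggests is simple: any balance-moving function that reads two accounts into locals must either write the debit before reading the credit target, or explicitly handle the from == to case. A unit test that transfers an account's full balance to itself and asserts the balance is unchanged would have caught this class of bug before deployment.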
Rivanorth is a boutique Web3 cybersecurity company specialising in smart contract audits and blockchain security advisory. Visit https://rivanorth.com/ to find out more.
You build the future. We help you secure it.
Written by
Rivanorth