Hack Explained - Super Sushi Samurai

Super Sushi Samurai (SSS) is a GameFi project built on Coinbase's Base layer-2 blockchain that uses the Telegram messaging app for its operations. The project lost $4.8 million to a critical exploit, and its token value dropped by a drastic 99.9%. The incident was primarily caused by a vulnerability within its smart contract that allowed an attacker to manipulate token balances through a double-spending exploit.

Behind the Breach

The exploit was caused by a vulnerability in the SSS smart contract's _update() function. This flaw allowed the attacker to double their balance of SSS tokens by transferring their entire balance to themselves. By repeating this process, the attacker increased their token balance exponentially and then liquidated it for 1,310 ETH, which amounted to approximately $4.8 million. The underlying problem was that the contract did not properly update balances during self-transfers.
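A supply-conservation check catches this kind of self-transfer failure before deployment. The following added example is a Python model of an ERC-20-style ledger, not the SSS contract's code; the stale-read pattern in `StaleCacheLedger` is an assumption about how such a bug can arise, and all class and function names are hypothetical.

```python
# Added illustration: a Python model of token balance bookkeeping.
# Not the SSS contract; names and the bug pattern are assumptions.

class StaleCacheLedger:
    """Assumed bug pattern: both balances are read before either is written."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.total_supply = sum(balances.values())

    def update(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        to_bal = self.balances.get(recipient, 0)  # read before the debit
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        # If sender == recipient, this write discards the debit above and
        # credits the stale pre-debit balance plus the amount.
        self.balances[recipient] = to_bal + amount


class FixedLedger(StaleCacheLedger):
    """Corrected form: the recipient balance is read after the debit."""

    def update(self, sender, recipient, amount):
        from_bal = self.balances.get(sender, 0)
        if amount > from_bal:
            raise ValueError("insufficient balance")
        self.balances[sender] = from_bal - amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def supply_conserved(ledger):
    """Invariant: a transfer must never change the sum of all balances."""
    return sum(ledger.balances.values()) == ledger.total_supply


def check_self_transfer(ledger_cls, rounds=3):
    """Regression check: repeated full-balance self-transfers on constructed
    sample balances. Returns the balance after each round and whether the
    supply invariant still holds."""
    ledger = ledger_cls({"alice": 100, "bob": 50})  # constructed sample data
    history = []
    for _ in range(rounds):
        ledger.update("alice", "alice", ledger.balances["alice"])
        history.append(ledger.balances["alice"])
    return history, supply_conserved(ledger)
```

Running `check_self_transfer` against both classes shows the invariant failing only in the stale-read version, which is the signal an invariant or fuzz test on the real contract would surface.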

Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and blockchain security advisory. Visit rivanorth.com to find out more.

You build the future. We help you secure it.