Over $4.8 million was withdrawn from its liquidity pool by a self-proclaimed white hat hacker.
GameFi project Super Sushi Samurai (SSS), built on Coinbase’s Base layer-2 blockchain and the Telegram messaging app, saw a $4.8 million withdrawal on March 21 from its liquidity pools by a self-proclaimed white hat upon the discovery of a double spending glitch.
In a statement to Cointelegraph, blockchain analytics firm CertiK noted that “the vulnerability is within the [SSS] contracts _update() function, which doesn’t correctly update balances when transferring to self." So, when a user transfers their entire balance of SSS tokens to themselves, the resulting balance is doubled.
Just one month prior, the novel ERC-X token Miner crashed 99% after a user discovered a double-spending glitch that led to the infinite minting of tokens. "It's a pity that the contract has low-level loopholes. You can double your balance by transferring money to yourself," said Yu Xian, co-founder of Singaporean blockchain security firm SlowMist, regarding the incident. The glitch led to user losses of over $10 million.