The first independent security review of SushiSwap by Quantstamp smart contract auditors has found no serious problems with the set of code that runs the DeFi dapp.
Ed Zulkoski, Senior Research Engineer, Shunsuke Tokoshima, Blockchain Researcher, and Joseph Xu, Technical R&D Advisor, report that:
“No critical or high risk issues were found…. No found issues were critical enough to suggest re-deployment of the existing contracts.”
There were a number of medium severity issues. One of them concerns the user experience: if you deposit the same token twice on the sushi dapp by mistake, that messes up how many sushis get distributed to you.
Another one has less to do with the code and more to do with the choice of execution. When it comes to migration, that is when the tokens and cryptos deposited on Uniswap are moved to sushi, a bit of trust is required in Chef Nomi publishing a proper contract to facilitate/call that migration.
However, there’s a 48-hour period between its publishing and the migration, so if there’s any naughty behavior, depositors would just move out their funds.
The third one is actually good news for sushi holders because devs claimed they would be getting 10% of the sushi tokens to improve the dapp, but the contract is giving them only 9%.
The rest are minor non-issues really, with all of these being suggestions of how the contract could have been done even better rather than vulnerabilities.
So sushi has passed this security review, but as we all know the only review that counts is that of the Nakamotos across the globe who may want some sushi.
Yet where devs are concerned it sounds like at this point they’ve done all they could, with other companies auditing the dapp as well.