Difference between revisions of "SushiSwap (SUSHI)"

From CryptoWiki

 
(4 intermediate revisions by the same user not shown)
Line 21: Line 21:
* [https://secureum.substack.com/p/aave-certora-secureum-collaboration Used] [[Certora|Certora's]] Prover tool with formal verification technology to complement/assist their manual audits (2-10-2022).
* [https://secureum.substack.com/p/aave-certora-secureum-collaboration Used] [[Certora|Certora's]] Prover tool with formal verification technology to complement/assist their manual audits (2-10-2022).
*
*
*Scored [https://www.daometer.xyz/review/8 63%] on [[DAOmeter]], scored very low on Voting (no staking for voting, no custom tooling and no delegates), low on Documentation (no reporting, gov code not public), Security (little auditing and admin keys), Treasury (multi-sig, no custom tooling and no dedicated team), Proposal (not stored on chain) and a bit low on Community (off and onboarding not clear).
*Scored 63% on [[DeFi Safety]] after an updated [https://www.defisafety.com/pqrs/113 review] (17-12-2021):
*Scored 63% on [[DeFi Safety]] after an updated [https://www.defisafety.com/pqrs/113 review] (17-12-2021):
"Activity is well over 100 transactions a day on contract MasterChefV2.sol, The basic software function of the MasterChef V1/V2, [[Oracle]], BentoBox, and Kashi are all outlined in the [https://dev.sushi.com/sushiswap/contracts/masterchefv2 documentation]. No code coverage found, but there is clearly a robust testing suite within the SushiSwap [[GitHub]] repositories. SushiSwap has had their MasterChefV2 contract [https://www.certora.com/pubs/MasterChefV2April2021.pdf formally verified].  
"Activity is well over 100 transactions a day on contract MasterChefV2.sol, The basic software function of the MasterChef V1/V2, [[Oracle]], BentoBox, and Kashi are all outlined in the [https://dev.sushi.com/sushiswap/contracts/masterchefv2 documentation]. No code coverage found, but there is clearly a robust testing suite within the SushiSwap [[GitHub]] repositories. SushiSwap has had their MasterChefV2 contract [https://www.certora.com/pubs/MasterChefV2April2021.pdf formally verified].  
*[https://defisafety.com/2020/10/24/sushiswap/ Previously scored] a 57% (4-5-2020); ''"There is [https://docs.defisafety.com/finished-reviews/draft-0.7-sushiswap#access-controls no discussion] of a pause control. No evidence of audit reports on their website, docs or developer docs.  Their security sections only talk about bug bounties.. This appears intentional.  Therefore score of 20% indicating no audits, even though for the previous audit we wrote the text below.."''
*[https://defisafety.com/2020/10/24/sushiswap/ Previously scored] a 57% (4-5-2020); ''"There is [https://docs.defisafety.com/finished-reviews/draft-0.7-sushiswap#access-controls no discussion] of a pause control. No evidence of audit reports on their website, docs or developer docs.  Their security sections only talk about bug bounties.. This appears intentional.  Therefore score of 20% indicating no audits, even though for the previous audit we wrote the text below.."''
*Before it also [https://docs.defisafety.com/finished-reviews/sushiswap-process-quality-audit scored] a 57% on [[DeFi Safety]] (9-2020); ''"Two audits were performed after deployment from [[Quantstamp]] and [[PeckShield]]. Some changes were implemented while others will be dealt with by the team without [[contract]] modification as the contracts are in heavy use. No critical flaws found."''
*Before it also [https://docs.defisafety.com/finished-reviews/sushiswap-process-quality-audit scored] a 57% on [[DeFi Safety]] (9-2020); ''"Two audits were performed after deployment from [[Quantstamp]] and [[PeckShield]]. Some changes were implemented while others will be dealt with by the team without [[contract]] modification as the contracts are in heavy use. No critical flaws found."''
*Had their Shoyu NFT protocol [https://twitter.com/LevxApp/status/1443183272343658498?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1443183272343658498%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.delphidigital.io%2Freports%2Fan-ounce-of-hopium-for-eth-bulls%2F audited] by [[Peckshield]], [[Haechi]] and [[Zokyo]] (29-9-2021).
*Had their Shoyu NFT protocol [https://twitter.com/LevxApp/status/1443183272343658498?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1443183272343658498%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fwww.delphidigital.io%2Freports%2Fan-ounce-of-hopium-for-eth-bulls%2F audited] by [[Peckshield]], [[Haechi]] and [[Zokyo]] (29-9-2021).
*From the yEarn Partnership Roundup (11-12-2020):
*From the yEarn Partnership Roundup (11-12-2020):
Line 39: Line 39:
=== Bugs/Exploits ===
=== Bugs/Exploits ===


* On March 9, 2023 SushiSwap was once again [https://twitter.com/AnciliaInc/status/1634046776050348033 exploited] with a price oracle exploit for $27K using the same method as last month’s BentoBoxv1 exploit.
* On 10-4-2023 [https://decrypt.co/125799/sushiswap-smart-contract-bug-exploited-in-3-3-million-theft $3.3 million worth] of Ethereum got exploited from a [[Sifu]] through a bug in SushiSwap.
*On March 9, 2023 SushiSwap was once again [https://twitter.com/AnciliaInc/status/1634046776050348033 exploited] with a price oracle exploit for $27K using the same method as last month’s BentoBoxv1 exploit.
* On February 9, 2023 SushiSwap BentoBoxV1 was targeted in a [[Chainlink (LINK)|ChainLink]] [https://twitter.com/AnciliaInc/status/1623808892731023360 price oracle manipulation attack] which resulted in a $26K loss.
* On February 9, 2023 SushiSwap BentoBoxV1 was targeted in a [[Chainlink (LINK)|ChainLink]] [https://twitter.com/AnciliaInc/status/1623808892731023360 price oracle manipulation attack] which resulted in a $26K loss.
* SushiSwap Kashi vulnerability [https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d disclosed], pools could be drained via outdated exchange rate (12-2022).
* SushiSwap Kashi vulnerability [https://blocksecteam.medium.com/beyond-the-market-risk-a-logic-bug-identified-in-sushiswaps-kashipairmediumriskv1-contract-80ead49d8d6d disclosed], pools could be drained via outdated exchange rate (12-2022).
Line 116: Line 117:
=== DAO ===
=== DAO ===


* [https://medium.com/@SenateLabs/landscape-of-pro-delegate-next-wave-of-dao-governance-f239cd8537ea Has] [[Flipside]] as one of their professional delegates (30-11-2022).
* Had some voting controversy, [https://decrypt.co/225431/sushiswap-community-cries-foul-over-vote from] [[Decrypt (DCPT)|Decrypt]] (9-4-2024):
''"Put simply, B.Naïm claims that the SushiSwap team added liquidity to freshly created wallets moments before the next snapshot was created to increase the core team’s voting power. By doing so, he posits they wanted to give themselves more influence on the final tally. Soon after the proposals were listed and the voting snapshots were taken, the team withdrew the liquidity from the new wallets. “How can so many addresses be funded 10 minutes before the creation of the vote and then removed minutes after?” B.Naïm said, “Does that seem normal to you?”"''
*[https://medium.com/@SenateLabs/landscape-of-pro-delegate-next-wave-of-dao-governance-f239cd8537ea Has] [[Flipside]] as one of their professional delegates (30-11-2022).


=== Treasury ===
=== Treasury ===
Line 280: Line 283:
=== Other Details ===
=== Other Details ===
== Oracle Method ==
== Oracle Method ==
== Compliance ==
* [https://decrypt.co/124133/sushiswap-dao-subpoena-sec-legal-defense-fund From] [[Decrypt (DCPT)|Decrypt]] (22-3-2023):
''"SushiSwap, disclosed it had received a subpoena from the Securities and Exchange Commission, signaling it could soon be subject to regulatory enforcement action.''
''The organization’s disclosure came in the form of a proposal submitted to the Sushi DAO for the establishment of a legal defense fund to cover potential legal costs. “Sushi, and Head Chef Jared Grey, were recently served with an SEC Subpoena,” the proposal stated. “We’re cooperating with the SEC.”''
== Their Other Projects ==
== Their Other Projects ==


Line 316: Line 327:


''"SushiSwap is making good on its [https://twitter.com/SushiSwap/status/1616118353697067008?s=20&t=PAx-64tuNlfQtNYCPhCBiw January promises] to launch a [[derivatives]] trading platform. But instead of building it from scratch, it’s gone out and bought one. [It] announced the acquisition of Vortex Protocol today for an undisclosed amount. Built atop Sei Network, a blockchain using [[Cosmos (ATOM)|Cosmos]]’ tooling, the on-chain trading platform will come under the SushiSwap umbrella as another product and will take a new name. Vortex Protocol is a not-yet-launched decentralized derivatives exchange and will offer users 10x margin trading on a variety of assets. [[Sei (SEI)|Sei Network]] and Sushi’s newly-acquired Vortex Protocol will both launch on mainnet in Q2 of 2023."''
''"SushiSwap is making good on its [https://twitter.com/SushiSwap/status/1616118353697067008?s=20&t=PAx-64tuNlfQtNYCPhCBiw January promises] to launch a [[derivatives]] trading platform. But instead of building it from scratch, it’s gone out and bought one. [It] announced the acquisition of Vortex Protocol today for an undisclosed amount. Built atop Sei Network, a blockchain using [[Cosmos (ATOM)|Cosmos]]’ tooling, the on-chain trading platform will come under the SushiSwap umbrella as another product and will take a new name. Vortex Protocol is a not-yet-launched decentralized derivatives exchange and will offer users 10x margin trading on a variety of assets. [[Sei (SEI)|Sei Network]] and Sushi’s newly-acquired Vortex Protocol will both launch on mainnet in Q2 of 2023."''
=== Wara ===
[https://x.com/jaredgrey/status/1821173152069599335 Announced] Wara DEX on Solana (7-8-2024).


== Roadmap ==
== Roadmap ==
Line 409: Line 423:


=== Cons ===
=== Cons ===
*Had some voting controversy, [https://decrypt.co/225431/sushiswap-community-cries-foul-over-vote from] [[Decrypt (DCPT)|Decrypt]] (9-4-2024):
''"Put simply, B.Naïm claims that the SushiSwap team added liquidity to freshly created wallets moments before the next snapshot was created to increase the core team’s voting power. By doing so, he posits they wanted to give themselves more influence on the final tally. Soon after the proposals were listed and the voting snapshots were taken, the team withdrew the liquidity from the new wallets. “How can so many addresses be funded 10 minutes before the creation of the vote and then removed minutes after?” B.Naïm said, “Does that seem normal to you?”"''
* Had some [https://twitter.com/agdyor/status/1463756236264988672?s=21 fall out] on [[Twitter]] when someone claimed Sushi had become a company, ruled by 5 of the main DAO members (25-11-2021). [[Rekt]] looked into it and had some pretty [https://rekt.news/sushiswap-scandal/ convincing evidence] that indeed, this group had been taking over the DAO in less than positive ways (6-12-2021).
* Had some [https://twitter.com/agdyor/status/1463756236264988672?s=21 fall out] on [[Twitter]] when someone claimed Sushi had become a company, ruled by 5 of the main DAO members (25-11-2021). [[Rekt]] looked into it and had some pretty [https://rekt.news/sushiswap-scandal/ convincing evidence] that indeed, this group had been taking over the DAO in less than positive ways (6-12-2021).
*Has been called a jack of all trades, a master at none.
*Has been called a jack of all trades, a master at none.

Latest revision as of 05:26, 13 August 2024

SushiSwap
TypeDEX
Total supply250M SUSHI
Websitesushi.com

 Basics

"This one is an automated maker based on Uniswap, but with a governance token built in that really favors liquidity providers who get in early. It also sends up all sorts of red flags."

"SushiSwap is a fork of Uniswap with a native token, SUSHI, that people can currently yield farm using other Ethereum-based tokens. SushiSwap isn’t actually live yet so it’s just yield farming at the moment."

History

"Founders of popular projects like Dharma, 0x Protocol and Uniswap have openly expressed their disdain for SushiSwap, stating that a successful migration would be “terrible for LPs and traders” due to fragmented liquidity.

On the flip side, popular anon accounts like Degen Spartan have signaled their support for a  “community-owned AMM LP protocol,” versus VC funded projects, like Uniswap which raised $13M from giants including a16z and USV."

Audits & Exploits

  • Bug bounty program can be found here. Is up to $1.250M (12-2021).
  • Used Certora's Prover tool with formal verification technology to complement/assist their manual audits (2-10-2022).
  • Scored 63% on DAOmeter, scored very low on Voting (no staking for voting, no custom tooling and no delegates), low on Documentation (no reporting, gov code not public), Security (little auditing and admin keys), Treasury (multi-sig, no custom tooling and no dedicated team), Proposal (not stored on chain) and a bit low on Community (off and onboarding not clear).
  • Scored 63% on DeFi Safety after an updated review (17-12-2021):

"Activity is well over 100 transactions a day on contract MasterChefV2.sol, The basic software function of the MasterChef V1/V2, Oracle, BentoBox, and Kashi are all outlined in the documentation. No code coverage found, but there is clearly a robust testing suite within the SushiSwap GitHub repositories. SushiSwap has had their MasterChefV2 contract formally verified.

  • Previously scored a 57% (4-5-2020); "There is no discussion of a pause control. No evidence of audit reports on their website, docs or developer docs. Their security sections only talk about bug bounties.. This appears intentional. Therefore score of 20% indicating no audits, even though for the previous audit we wrote the text below.."
  • Before it also scored a 57% on DeFi Safety (9-2020); "Two audits were performed after deployment from Quantstamp and PeckShield. Some changes were implemented while others will be dealt with by the team without contract modification as the contracts are in heavy use. No critical flaws found."
  • Had their Shoyu NFT protocol audited by Peckshield, Haechi and Zokyo (29-9-2021).
  • From the yEarn Partnership Roundup (11-12-2020):
  • Chef Nomi, the founder did sell all his personal tokens during a crash of the market (5-9-2020). He then returned his profits a week later (11-9-2020).
  • From Decrypt (31-8-2020):

"After reducing the risk of exit scamming by adding a 48-hour timelock on admin functions and partnering with Quantstamp to officially audit the contracts, the degen DeFi farmers of the world are starting to treat SushiSwap as more than just a money printer."

"Quantstamp begins SushiSwap audit. They’ll be auditing a new settlement feature (limit orders) and Bento Box, which allows for margin shorts, lending, and flexible oracles."

Bugs/Exploits

  • On 10-4-2023 $3.3 million worth of Ethereum got exploited from a Sifu through a bug in SushiSwap.
  • On March 9, 2023 SushiSwap was once again exploited with a price oracle exploit for $27K using the same method as last month’s BentoBoxv1 exploit.
  • On February 9, 2023 SushiSwap BentoBoxV1 was targeted in a ChainLink price oracle manipulation attack which resulted in a $26K loss.
  • SushiSwap Kashi vulnerability disclosed, pools could be drained via outdated exchange rate (12-2022).
  • From Rekt (18-9-2021):

"Eratos1122 protested, but the Sushi team had made their case, and they refused to back down. DeLong had attached the resume, personal website, Facebook profile, email address and invoice details of eratos1122 into a public Google doc. After a few hours of these details being made public, and following threats from the Sushi team to involve the FBI, the money was returned. (865.094 of 864.8 ether, more than was originally stolen)"

"SushiSwap’s Miso ~860 ETH exploit changed recipient of Kia Sedona NFT proceeds, supply chain attack of front end; funds were returned."

"SushiSwap paid $1 million bounty to samczsun for Miso vulnerability disclosure where $350 million was at risk and assistance with mitigation"

"An already known wallet was taking advantage of an old loophole that had reopened due to a moment of forgetfulness by the SushiSwap team. Although a solution had been created some weeks earlier, it had to be applied manually along with each new pool. As this had not been applied, the scavenger was able to sneak in and take fees which should have gone to xSushi holders. What could have been a disaster turned out to be a slight humiliation for the Sushi team. The conversation in Discord stating that they won’t be automating this fix and will continue to rely on remembering to apply it each time is somewhat concerning."

"Late last night, an anonymous actor poked a hole in their smart contracts and stole ~$15k before the team of Sushi chefs chased them out of the kitchen. I got the help of Andy a strategist at yEarn / ex-makerdao smart contract engineer and Daniel Que ex Coinbase. Exploit totally, a smart one - and he deserves the funds. I think I’ve found him btw..."

"SushiSwap appears to be vulnerable from a sneaky bug that could multiply someone’s governance power without having to acquire new tokens. Reported by developer Jong Seok Park on Sept. 7, the bug can be described as a governance double-spend. In essence, SushiSwap governance lets tokenholders delegate their voting power to another entity. However, if that token holder then transfers the tokens to someone else, the delegatee still maintains their governance power. The second tokenholder can now delegate tokens once again, multiplying the delegatee’s power by as much as necessary. The bug is that the token transfer does not reset delegation parameters, and this is likely the result of aggregating codebases from different projects.

SushiSwap’s governance contracts are largely a fork of Yam governance, themselves a fork of Compound. Looking at the Github source code of SushiSwap, however, it appears that the token’s smart contract only modified the “mint” function from the standard implementation of ERC-20 contracts by OpenZeppelin. Yam, on the other hand, used a specific implementation of the standard that has a “moveDelegates” function called upon transferring.

In a conversation with Cointelegraph, FTX CEO and now lead for SushiSwap Sam Bankman-Fried confirmed the existence of the bug. He noted that “It doesn’t pose an immediate problem for Sushi” as governance hasn’t yet been activated.

It is interesting to note that SushiSwap was hastily reviewed and audited by multiple firms as the project blew up in popularity. While one of the issues involves the same “moveDelegates” function at play here, it appears to be a different type of bug."

Governance

  • From their docs (9-5-2021):

"SushiSwap is ultimately governed by its community, via forum discussions and, when pertinent, voting on proposals held on the SushiSwap Snapshot. At this time, only proposals posted to the Snapshot voting system by the CORE can be considered binding if passed with a quorum. Major structural changes and use of the devfund wallet are voted on by the community, whereas smaller changes affecting operations, as well as changes of SushiSwap menu farming pairs, are decided on by 0xMaki and core team. Our goal is to establish a DAO, with working trustless governance. This is not an easy task by any measure, and is not something that will be rushed. There are at this time no time estimates for when this can be accomplished, but it will surely take well into 2021."

Admin Keys

"All contracts are clearly labelled as upgradeable (or not) -- 15% -- Contract are not explicitly labelled as upgradeable or immutable, but it is heavily implied through the governance voting system Q & A at https://docs.sushi.com/faq-1/governance-voting-faq. - The type of ownership is clearly indicated (OnlyOwner / MultiSig / Defined Roles) -- 30% -- MultiSig roles are clearly defined and outlined here. - The capabilities for change in the contracts are described -- 15% -- The documentation outlines certain parameters that can be changed in the contracts, but not to what extent here. No evidence of Pause Control was found within the SushiSwap documentation or code."

  • From their docs (9-5-2021):

"Any use of the devfund wallet requires that the Multisig sign it, which they will only do if it is clearly by the will of the community and has had a passing vote by quorum. There must be at least 6 out of 9 signatures for a transaction to be approved. The Multisig members are trusted members of the DeFi & Ethereum ecosystem: @SBF_Alameda, @rleshner, @0xMaki, @lawmaster, @cmsholdings, @mattysino, @mickhagen, @JiroOno, @zippoxer

Any changes that are within the purview of the core team, such as rebalancing and administration of farming pools and use of the growth fund, must pass the Operations Multisig with at least 3 signatures. The Ops Multisig members are: @0xMaki, @LevxApp, @OmakaseBar, @JiroOno. Adding / removing pools; changing pool weights (rewards); changing the Sushi block reward; approving transactions coming out the growth fund; overall changes to the smart contracts."

"I checked their Ops multisig contract on Etherscan and noticed there were 7 signers listed. I headed to Sushi's Discord and connected with a core team member who understood the problem and very quickly added the names of the additional signers. And isn't it dangerous that, with a 3 signature threshold, these 3 unknown signers had the weight to make any change to SushiSwap that they wanted?"

"The first red flag - an admin key which would drain funds - is now subject to a timelock. This means that any major admin call will be subject to a 48-hour delay in which LPs can remove their liquidity in the event of a forthcoming crisis."

"Chef Nomi swapped his Sushi LP tokens for some 37,400 ether (ETH) worth about $13 million in what bears strong resemblance to an “exit scam.” Chef Nomi declared his intention to stick with the Sushi protocol and that his Sushi sale was well within his rights as a founder.

Others, such as FTX CEO and sushi investor Sam Bankman-Fried, were not enthused about that decision: “First of all, Chef Nomi sucks,” he tweeted Sept. 5. Yet the clock kept ticking on the planned migration from Uniswap to SushiSwap. And, at this point, virtually no one trusted Chef Nomi to undertake the transfer in an honest fashion.

Through push and pull, Chef Nomi decided to give up his keys to the SushiSwap contract he and he alone held. To boot, the contract to the $1.25 billion protocol was given to none other than Bankman-Fried, who canceled the migration. As of now, Bankman-Fried controls the SushiSwap contract. In a Discord message, he said he plans to move the contract to a multi-signature contract until the project can be fully decentralized into the hands of SushiSwap LP token holders, similarly to other DeFi protocols."

"So now the ball is in SBF’s court and he’s currently free to do whatever he wants with the protocol. He outlined his plan here which is to basically cancel the current migration of Uniswap LP’s to SushiSwap (done), initiate a new one (done), and start the process of transferring ownership of SushiSwap to new multi-sig owners (in progress). Though since SBF is such a large holder of SUSHI, giving up control of the protocol via the multi-sig might not matter since he could just swing the vote on governance proposals with his holdings anyway. Whether he will exercise this power or not remains to be seen. It’s also worth noting that SBF has also been pushing for SushiSwap to be ported over to Serum (the “decentralized” exchange he’s building on Solana)."

"An election is taking place for the nine members of a multisig wallet that will be able to make changes to SushiSwap’s code. Community member Zippo made a dashboard to follow the vote. Nine people will be chosen and any six can make changes. "@SBF_Alameda @rleshner @0xMaki @lawmaster @cmsholdings @mattysino @mickhagen @AdamScochran and finnally @zippoxer who also created the dashboard!" Top vote-getters included Bankman-Fried, Compound founder Robert Leshner, 0xMaki (a SushiSwap co-founder who was not allocated tokens) and The Block’s Larry Cermak. Cermak did not reply to a request for comment from CoinDesk last night about whether he would accept the position, which could pose conflict-of-interest issues relating to his work as the news publication’s director of research. He previously told CoinDesk he had no direct involvement in SushiSwap, despite rumors to the contrary."

"SushiSwap has a 48-hour timelock on its MasterChef contract. To make any change or upgrade to MasterChef, a transaction from the Ops multisig must sit for 48-hours before it's executed. In November 2020, I noticed that this timelock was owned by the Ops multisig itself. This meant that the Ops multisig had the ability to change - or even remove - the timelock. Members of the core team quickly agreed with me, acknowledged the security issue and publicly promised to change timelock control over to the Treasury multisig signers. The Sushi team has now informed me via Discord that shortly after announcing that timelock ownership would move to the Treasury multisig, the Ops team changed its mind and decided to retain control over its own timelock contract. They thought that switching it over to the Treasury multisig would make frequent upgrades too difficult."

DAO

"Put simply, B.Naïm claims that the SushiSwap team added liquidity to freshly created wallets moments before the next snapshot was created to increase the core team’s voting power. By doing so, he posits they wanted to give themselves more influence on the final tally. Soon after the proposals were listed and the voting snapshots were taken, the team withdrew the liquidity from the new wallets. “How can so many addresses be funded 10 minutes before the creation of the vote and then removed minutes after?” B.Naïm said, “Does that seem normal to you?”"

  • Has Flipside as one of their professional delegates (30-11-2022).

Treasury

Token

Launch

Token allocation

"100 SUSHI is created per block, distributed across all 13 pools evenly.

For the first two weeks, 1000 SUSHI (10x the base amount) is rewarded per block with the SUSHI/ETH pool receiving an added 2x multiplier. This tool by Zippo is a great away to see which pool(s) are earning the most SUSHI per dollar at any given time."

"Claiming that the 10% developer share can be seen as a treasury governed by LP’s."

However

"SUSHI had a 10% developer fund allocated to the SUSHI Dev team (a team of 1 person, the SUSHI founder) which the founder decided to treat more as a ‘founders reward’ than a ‘dev fund’, as he turned the allocation into ETH and took off with it."

  • From the docs (9-5-2021):
  1. "250 million $SUSHI hard cap.
  2. 10% of all emissions go to our Multisig-controlled treasury/dev fund.
  3. Expected date to reach hard cap is November 2023.
  4. There are currently 40 $SUSHI tokens minted per block"

Utility

  • From Yield Farmer (28-8-2020):

"SUSHI tokens offer no utility except for governance of the protocol, with future iterations offering tokenholders a percentage of SushiSwap trading fees."

"The new SushiSwap will function similarly to Uniswap. In Uniswap, which has no native token, 0.3% of trading fees are proportionately distributed to the pool’s liquidity providers. In SushiSwap, 0.25% goes to liquidity providers, while the remaining 0.05% gets converted back to SUSHI through SushiSwap, and distributed to SUSHI token holders."

"These fees have also grown significantly, surpassing $2 million in total daily fees ($350k to stakers) for the first time on January 11. The P/S ratio is particularly relevant as it puts into context a protocol’s valuation relative to the revenues it produces, in SushiSwap’s case provided to LPs and token holders. Despite SushiSwap's market cap growing over 600% in the last three months, its valuation relative to sales has actually decreased by 40% during the same time."

Token Details

  • Has multiple types of Sushi tokens. SUSHI is what users get in return for providing liquidity to the AMM. xSUSHI is what users get when they stake their SUSHI to get a portion of the fees and the oSushi proposal is similar to the veCRV model, where voting power over distribution of pool rewards is based on the amount of time a holder locks up tokens (14-5-2021).

Coin Distribution

"Clearly, $SUSHI user's are whales. This can be seen looking at unique traders & volume/unique weekly trader. This is similar to $FTT vs $BNB / $COIN - FTX caters to a few, big customers while BNB / CB cater to tons of smaller customers. FTT has crushed it w/ this approach."

"we can see the labels that stand out are Alameda and also Three Arrows Capital both providing over 35 million USD in liquidity over all time. Note that this is not the same SBF MultiSigner address from Alameda that we noted down in the previous section. This probably means Alameda seems to use multiple wallets to interact with SushiSwap.

About 11.9% of the farmers have farmed 1,000-10,000 Sushi. Only a handful (2.9%) have farmed more than 10,000 SUSHI. Majority (68.5%) have farmed between 10-1,000 SUSHI.

"Chef Nomi swapped his Sushi LP tokens for some 37,400 ether (ETH) worth about $13 million in what bears strong resemblance to an “exit scam.”" (Irony: they used Uniswap via ZapperFi). He then returned his profits a week later (11-9-2020).

  • From Daily Gwei (7-9-2020):

"This obviously came as a shock to most of the SushiSwap community as the Chef had stated he wouldn’t be dumping the dev fund as he’s a “good guy”."

  • Anonymous founder Chef Nomi sold all his tokens during a market crash. Some called him out on that (6-9-2020).

Tech

"With 318 commits and 11 branches, this is a repository that has a strong development history."

Implementations

  1. Fantom
  2. Polygon
  3. Xdai
  4. Binance
  5. Moonbeam Network
  • Avalanche; in an ongoing effort of expending to different chains, Avalanche is planned (16-3-2021).
  • Harmony; live (6-4-2021).
  • "Sushi is deployed on over 17 chains and counting." (9-7-2021).

How it works

"While the first stage of the project is relatively harmless, SushiSwap’s master plan is to take the liquidity staked in their interface and migrate it to a native AMM roughly two weeks after launch.

This tactic - coined ‘Vampire Mining’ by Martina Krung - looks to siphon liquidity from a market leader like Uniswap by offering incentives and revenue-sharing tactics that make capital more profitable on the new AMM. Krung details the steps to do so as:

  1. Copy project A (Uniswap) with all its open-sourced smart contracts and front-end. Project A has no token, but earns a fee on every token flow.
  2. Implement migration mining from project A to project B (SushiSwap), basically giving $X (SUSHI) to people who migrate liquidity from A to B.
  3. Implement governance and start sharing revenue to new tokenholders holding $X.
  4. Project A has no liquidity and loses all revenue.

While the idea of Uniswap being killed by its Japanese clone is quite far fetched, it’s interesting to consider Vampire Mining as a bootstrapping mechanism for new projects.

In the case of SushiSwap, 10% of every SUSHI distribution is set aside for the development & future iterations of the protocol, including security audits."

Fees

"Upon migration to SushiSwap, a 0.05% trading fee will be shared directly with SUSHI holders, meaning users can capture revenue without having to act as an LP."

Upgrades

"Value locked in SushiSwap, which briefly became the largest DEX by assets, is also sliding after [it] reduced tokens rewards from 1,000 SUSHI per block for liquidity providers, to 100 three days ago, as planned."

The Migration from Uniswap

  • After all the founder drama, the Uniswap-SushiSwap-Swap started on 9-9-2020. From CoinDesk:

"The move is earlier than expected because the originally stated migration for SushiSwap was supposed to be this Friday. Last week, however, the community voted to move up the migration by five days, to Sunday, Sept. 6. Bankman-Fried then cancelled the migration, moving it to today.

A community-built data portal to SushiSwap claims that 55% of those assets are staked to switch over to SushiSwap today. Further, Bankman-Fried has promised to distribute 2 million SUSHI tokens to SushiSwap backers who stick around through the migration."

"SushiSwap’s Snapshot governance page is quite active, with a new lending platform proposed to be included under the Sushi umbrella. Recently, Sushiswap also added a new UI and a rotating set of yield farms."

V3

  • After Uniswap released its V3, SushiSwap responded with its own. It goes after capital efficiency, allowing assets to be utilized in swaps, loans and options (9-4-2021).

Trident

"Trident is a production framework for building and deploying AMMs, but it is not just an AMM itself. While AMMs can be created using the Trident code, there isn’t a specific AMM at the center of Trident. Instead, there is a framework for creating any AMM anyone would ever need. The concept behind this framework is that hard-coded swap environments like those found in Uniswap, Curve, and Balancer all necessitate the same underlying methods, and can therefore, be consolidated into a single interface. By consolidating them into an interface, the development process can occur more rapidly at a community level. For all intents and purposes, this interface, which we are calling the IPool interface, is also a discovery in the nature of liquidity at the point of execution. There are only so many things you need to do with a pool design, so pool designs will invariably follow the same patterns. When new pools are whitelisted and deployed on Trident, they continue to exist within the Trident framework, which means they collect fees for xSushi holders. As well, any outside developer can use Trident to create custom AMMs by extending the IPool interface in their pool contracts, and launch them in the Trident framework. Any pool type that passes an audit and an internal review is eligible to be whitelisted and deployed on Trident."

  • From this thread (20-7-2021), which describes Trident:

"The core feature is four different pool types -- constant product pools (think Sushi/Uniswap v1), hybrid pools (Curve), concentrated liquidity pools (Uniswap v3), and weighted pools (Balancer). Trades will route through all four via a matching engine, Tines. LPs can make the same trading pair in multiple pools, which will lead to some interesting decisions for the Smart LPs . Tines will be open-source, and will route through multiple pools and assets to find the most efficient trades. All of this is a "native application" to BentoBox. Similar to the Balancer v2/Aave integration, idle or unused deposits in Trident pools can be used in yield-bearing strategies. Currently the team is only using Compound, but they're hiring for more complex ones. Nifty features include limit orders (and the liquidity for those orders will earn yield while traders wait for their prices to hit) and the ability for pool deployers to turn off TWAP oracles in favor of Chainlink oracles to save gas."

Staking

"SushiSwap is projecting $60 million for xSUSHI stakers. Taking these as the protocol’s earnings, this would give SUSHI a P/E ratio of 38.5, which is significantly lower than Coinbase’s 160 P/E. SUSHI's P/E has been declining while SUSHI’s price has been increasing, getting cheaper relative to its revenues."

Liquidity Mining

"Touting itself as “an evolution of Uniswap with SUSHI tokenomics” farmers earn SUSHI governance tokens for staking the UniswapV2 LP tokens of popular DeFi assets in an appetizing interface inspired by Yam Finance."

Scaling

  • From their blog (9-2-2021):

"We will move in sync with the greater Yearn ecosystem. Zk-rollups are currently the option privileged since composability is key. Matter labs have been quite supportive, and we are keeping up with the latest development of Zinc. Ultimately this decision will lay in the hands of our CTO — core devs and Yearn ecosystem participants."

Interoperability

  • Raydium; "A proposal on the SushiSwap forum details a plan to use Raydium as a bridge to bring the exchange onto Solana. The process would involve supporting SushiSwap’s liquidity pools and staking on Serum, followed by Raydium’s testnet. Later, developers would deploy SushiSwap’s Bonsai pools on mainnet, and Raydium would integrate SushiSwap’s Raydium pools." Crypto Briefing (23-2-2021).

Other Details

Oracle Method

Compliance

"SushiSwap, disclosed it had received a subpoena from the Securities and Exchange Commission, signaling it could soon be subject to regulatory enforcement action.

The organization’s disclosure came in the form of a proposal submitted to the Sushi DAO for the establishment of a legal defense fund to cover potential legal costs. “Sushi, and Head Chef Jared Grey, were recently served with an SEC Subpoena,” the proposal stated. “We’re cooperating with the SEC.”

Their Other Projects

Meowshi (MEOW)

"A token system that allows participants to earn double yields through Sushi’s BentoBox."

"Meowshi is a tool that takes advantage of the power of BentoBox, by providing instant value to the vault, the various products that use the vault and to people who want to flash loan xSUSHI. Each xSUSHI BentoBox “share,” which adjusts based on yield, is represented by 100,000 MEOW tokens."

MISO

"The launchpad is called MISO, which stands for “Minimal Initial SushiSwap Offering”. It will be launched on May 20. The first token set to be launched on MISO is SAK3 (called sake, like the Japanese rice wine), an ultra-limited celebratory token created by the Sushi team. SushiSwap seems to be following the lead of another decentralized exchange, Uniswap. Similar to Uniswap’s SOCKS token, which can be exchanged for a physical pair of socks, each SAK3 token is redeemable for one bottle of Sake."

Natto

"NATTO is a Sushi NFT exchange that has been gas-optimized. It supports NFT artists and collectors, in addition to providing Uniswap V3 NFT LP token holders a seamless selling solution."

SushiXSwap

"The first ever crosschain swap AMM built on @StargateFinance and @LayerZero_Labs."

Vortex Protocol

"SushiSwap is making good on its January promises to launch a derivatives trading platform. But instead of building it from scratch, it’s gone out and bought one. [It] announced the acquisition of Vortex Protocol today for an undisclosed amount. Built atop Sei Network, a blockchain using Cosmos’ tooling, the on-chain trading platform will come under the SushiSwap umbrella as another product and will take a new name. Vortex Protocol is a not-yet-launched decentralized derivatives exchange and will offer users 10x margin trading on a variety of assets. Sei Network and Sushi’s newly-acquired Vortex Protocol will both launch on mainnet in Q2 of 2023."

Wara

Announced Wara DEX on Solana (7-8-2024).

Roadmap

  1. "Release our DEX aggregation router, increasing swap volumes & fees.
  2. A decentralized organizational structure to promote product autonomy.
  3. Newly optimized tokenomics & improving liquidity, sustainability, community ownership, & Treasury diversification.
  4. Launch Sushi’s decentralized incubator: Sushi Studios."
  • From this thread (20-7-2021), which describes Trident:

"One exciting piece of the roadmap coming post-launch is "franchise pools." These are designed to be compliant with KYC/AML requirements -- think a AMM compliment to Aave's institutional lending pools. Joe told me that there have been initial conversations with exchanges as users."

  • Can be found here (9-2-2021):
  1. "Sushibar v2 following vote of Simp#1
  2. - No lockup so we can integrate inside Aave-Maker
  3. - Keep3r auto-serving of rewards
  4. Wrapped-SLP to be used in various money market
  5. Mirin
  6. We are highly considering this model for our own governance."

“I don't think SushiSwap will succeed just by copying recipes” SushiSwap developer 0xMaki told The Defiant. “It needs to invent its own. Custom fees, modified price algorithms, single-sided liquidity. Anything from Bancor, dxSwap, Dodo and more can be inspiration for a community owned AMM.”

Usage

"Don’t let the flippant name and emoji throw you off; Sushi means business. In less than a week, SushiSwap has aggregated more than $800M worth of tokens, or about 80% of total Uniswap assets, according to Sushiboard, which tracks the project’s data. On average, 86% of total liquidity in the 13 Uniswap pools with LP tokens is currently being staked in SushiSwap."

  • After all the founder drama, the Uniswap-SushiSwap-Swap started on 9-9-2020. From CoinDesk:

"A community-built data portal to SushiSwap claims that 55% of those assets are staked to switch over to SushiSwap today."

"Value locked in SushiSwap, which briefly became the largest DEX by assets, is also sliding after [it] reduced tokens rewards from 1,000 SUSHI per block for liquidity providers, to 100 three days ago, as planned."

"SushiSwap has held up fairly well, despite some drama along the way. Even after Uniswap launched its own token and mining rewards, SushiSwap still has over $400M of liquidity at the time of writing. Since Sushiswap incentivizes different pairs than Uniswap, it also provides better rates than Uniswap for several pairs, such as YFI-ETH or LEND-ETH. Still, after the boom of the initial migration, both liquidity and volume are sliding."

"At the time of writing this report there are about 10,176 unique addresses providing liquidity to SushiSwap. These are the unique Ethereum addresses that interact with the Sushi Liquidity Pools and lock two tokens in order to receive Sushi Liquidity Pool Tokens (SLP) that symbolize the liquidity provided to the protocol. Note these addresses may not necessarily be staking their SLP tokens. A majority of LPs (66.2%) provide liquidity to only 1 pool. Only a small percentage (4.2%) provide liquidity to 5 pools or more."

"Key protocol metrics have been growing steadily, with SushiSwap’s volume and liquidity reaching new highs in January. Over the last three months, SushiSwap’s liquidity and volume have grown by 480% and 1600%, respectively. After forking Uniswap, SushiSwap launched on its first day with 40% of the volume share between the two top AMMs. This declined sharply, then recovered and has now managed to sustain above 25% in 2021 thus far."

  • From their blog (9-7-2021):

"Since it’s inception, MISO has been the home to 8 successful token auctions, driving over $50,000 in fees in a few short weeks to xSUSHI holders."

Projects that use or built on it

yEarn and Sushi Relationship

  1. "Sushiswap & Yearn merge development resources
  2. Sushiwap & Yearn TVL increases
  3. Sushiswap will complete and launch Deriswap in collaboration
  4. Integration of Keep3r inside Sushibar v2
  5. Yearn strategies will use Sushiswap moving forward
  6. Yearn will help create xSushi vaults so people can earn SUSHI-ETH-YFI-wBTC.
  7. Keep3r will move the full treasury as liquidity to Sushiswap KP3R/ETH (~$11MM)
  8. Keep3r will implement on-chain limit orders, stop loss, and take profit for Sushiswap LPs
  9. Keep3r will offer gasless swaps via MetaWallet for Sushiswap trades
  10. Sushiswap will be involved in a stealth project following Deriswap release with Yearn
  11. Sushiswap money market will be launched that uses Sushi LP as collateral
  12. Cream protocol reserve will provide liquidity to Bento Box
  13. Cover agnostic protocol will launch to use SUSHI as coverage and allow covSUSHI to cover individual pairs, such as CLAIM-SUSHI-WETH-WBTC
  14. Coverage money market will include Sushiswap perpetual coverage
  15. Sushi token and governance will stay the same
  16. 0xMaki will lead the AMM arm of yEarn

Synergies*

  1. Yearn will be allocated 0.2x allocations for pairs that needs to be incentives (make more liquid potential candidate CRV<> yyveCRV or any other pairs or vault)
  2. Yearn will participate in Sushi governance and add to its treasury some SUSHI
  3. Sushiswap will participate and add to its treasury YFI
  4. Grants for Sushi contributors will now be paid via yGift
  5. Keep3r/ETH will be added to the permanent menu

* Pending Governance votes by Yearn and Sushiswap respectively"

Competition

  • Uniswap, Bancor and other AMMs.
  • Uniswap is narrowing in on spot trading. Sushi is expanding vertically with Kashi & other future Bentobox products.

"Ironically, SushiSwap itself experienced a series of forks. From Kimchi, to Sashimi, a cornucopia of food farms arose soon after Sushiswap’s launch. As Sushi rewards dropped off, liquidity was incentivized to move away to these forks. But most of these forks didn’t add much, if any, innovation, and quickly died off."

"As it can be seen a large percentage (40%+) of SushiSwap LPs’ provide liquidity on Uniswap too. Surprisingly a big chunk (24.2%) also provides liquidity on Balancer. A similarly sized chunk (22.5%) only provides liquidity to only SushiSwap."

"While they started as identical products, the past few months have diverged these two AMMs into two completely different products. Sushiswap has been constantly releasing new features—like Bentobox—while Uniswap core developers have been heads down building V3 behind closed doors.

UNI tokens are currently a non-productive governance token, meaning they don’t represent any economic rights over the cash cow that is Uniswap. On the other hand, SUSHI holders do have a claim to the protocol’s cash flows, making it a productive asset.  (RSA—one reason for this difference may be regulatory concerns, see our conversation with 0xMaki from Sushi)"

Pros and Cons

Pros

  • Moves fast and is considered an innovative force in DeFi.

Cons

"Put simply, B.Naïm claims that the SushiSwap team added liquidity to freshly created wallets moments before the next snapshot was created to increase the core team’s voting power. By doing so, he posits they wanted to give themselves more influence on the final tally. Soon after the proposals were listed and the voting snapshots were taken, the team withdrew the liquidity from the new wallets. “How can so many addresses be funded 10 minutes before the creation of the vote and then removed minutes after?” B.Naïm said, “Does that seem normal to you?”"

  • Had some fall out on Twitter when someone claimed Sushi had become a company, ruled by 5 of the main DAO members (25-11-2021). Rekt looked into it and had some pretty convincing evidence that indeed, this group had been taking over the DAO in less than positive ways (6-12-2021).
  • Has been called a jack of all trades, a master at none.
  • From Daily Gwei (31-8-2020):

"The real question is though, does this liquidity migrate over to SushiSwap once the yield farming incentive ends? Is the meme of “community ownership” enough to get people to switch? It could be if enough liquidity providers are incentivized to continue providing liquidity via holding the SUSHI token (which also entitles them to governance rights and fees). Though, an analysis like this isn’t complete without discussing the rather large wrench that the Uniswap team can throw into this whole thing.

What wrench is that you may ask? Well, it’s an open secret that the Uniswap team are currently developing v3 of the protocol and it’s rumored that this will include a token. This has everyone speculating that the team will announce the plans for v3 + the tokenomics before the SushiSwap liquidity migration starts. Depending on what’s revealed, liquidity providers may choose to stay in Uniswap (especially if they will be paid UNI tokens for doing so). It’s an open question as to whether a v3 announcement would be a death blow for SushiSwap but I personally do expect both projects to exist side-by-side for a while."

  • Anonymous founder sold all his tokens during a market crash. Some called him out on that (6-9-2020). From Daily Gwei (7-9-2020):

"This obviously came as a shock to most of the SushiSwap community as the Chef had stated he wouldn’t be dumping the dev fund as he’s a “good guy”."

He then returned his profits a week later (11-9-2020).

  • Has had multiple exploits within half a year time.
  • Promised (2-6-2021) to change its Admin Keys after being called out about them and then didn't change them without telling anyone.
  • Almost went into a partnership with Frog Nation, but this didn't go through after the 0xSifu drama went down (30-1-2022). Meanwhile, the Sushi Discord admin key is still in the hands of ex-CTO Joseph (2-2-2022).

Team, Funding, Partners

  • Full team can be found [here].
  • Sushi votes (3-10-2022) Jared Grey as new Head Chef, soon after accusations of him being a scammer and fingering a horse emerged.
  • Jonathan Howard; is being voted upon to become Head Chef, with a hefty price tag of ~$1.5M while the treasury has around 19m (27-7-2022).
  • Joseph, Omakase, Rachel, Keno, Nori where being named as the ones 'in charge' by someone who blamed them for making Sushi a 'company' (25-11-2021).
  • From their blog (9-7-2021):

"The Sushi team had grown to 14 full-time members. We are continuing the trend and have the pleasure to introduce an additional 7 teammates + a few special mentions, including the newly formed: Sushi Squad, a collective of highly active and valuable community contributors!"

  • Chef Nomi; ex-founder. From Daily Gwei (7-9-2020): "There is a prominent theory that Chef Nomi is actually Sorawit Suriyakarn (CTO of Band Protocol). This is based on a bunch of evidence (more here) that the community has uncovered in the last 48 hours. Of course, both Sorawit and the Band team have denied these allegations and key people in the community have also come to Sorawit’s defense. Though, Sorawit has admitted that he was involved in the project to some extent (helping with the code) but still denied being involved in any way beyond that. I’ll be honest, the evidence is quite damning and there are too many coincidences to be ignored."
  • SushiSwap; 2nd dev
  • 0xMaki; advisor (17-9-2021), ex-co-founder / lead dev. Joined when there were about 9 people in the discord. More on his background here (13-9-2020). Took over after Chef Nomi let greed get the better of him.
  • Joseph Delong; ex-CTO. From their blog (17-1-2021):

"Joseph Delong to be SushiSwap’s new CTO. Along with Joseph, Boring Crypto, Clearwood, and I’m Software will be joining the team as Core developers following the approval of this proposal." Update: Joseph left as CTO after 2 weeks of drama (9-12-2021).

"The project also completed the selection process for the new multisig signers that would hold the keys to the treasury and the contracts. Bankman-Fried was voted in, but he said that he will take a less active role after the initial transition is over: “I may share thoughts and suggestions on it, but I'm not going to be running it, that’s up to the SUSHI holders. Ultimately, it's not up to me long-term what happens.”"

  • Mudit Gupta — Core Developer, left and became advisor (12-2021).
  • Has Flipside as one of their professional delegates (30-11-2022).

Funding

Partners

(:

Knowledge empowers us all and will help us get closer to the decentralised world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31