In just a couple of days, SushiSwap exceeded more than $1 billion in total value locked in the protocol, draining liquidity from its parent UniSwap, having already aggregated over 75% of its assets. In just 6 days, native token SUSHI gained 220% from $2.26 on 29 August to $7.24 on 3 September. What is going on with SushiSwap and are we dealing with a legitimate player in the field of DeFi?
SushiSwap is a new DeFi protocol, that has made waves within moments of its announcement. It is a fork of Uniswap, a decentralized exchange based on the Ethereum blockchain that allows on-chain swapping of ERC20 tokens using liquidity pools created by market makers. The SushiSwap team says what they are building is an evolution to its parent Uniswap, with SUSHI tokenomics.
So why would anyone want to provide liquidity to SushiSwap instead of Uniswap?
That has to do with the way liquidity providers are rewarded. UniSwap currently rewards liquidity providers with 0.3% of all trading fees. SushiSwap says it will offer 0.25% of all trading fees while the remaining 0.05% would be paid out in SUSHI. The more liquidity you provide, the more SUSHI you get. SUSHI tokens can then be traded against other tokens or used to vote as part of its governance utility.
While many liquidity providers have flocked to SushiSwap to mop up SUSHI tokens, the reception in the crypto space hasn’t all been positive. Big players like Brendan Forster, co-founder of lending platform Dharma Labs said he hopes the project fails as its success would only benefit the Sushi founders and not the liquidity providers. 0x founder Will Warren responded saying he agreed that Sushi’s success would not benefit the DeFi space as it wouldn’t translate to better swap prices.
Security flaws detected, but the game is not over yet
Security firm Quantstamp just published its review of SushiSwap and says it has identified 10 security issues. That doesn’t mean something fishy is going on, but it does serve as a warning for anyone going all in on a new project letting hype get ahead of things. Especially now that the DeFi space is hot, new projects will be rushing through development just to hit the market as soon as possible, which could potentially pose a risk to anyone getting their tokens involved.
That said, the security flaws Quantstamp found are not of the same severity that killed off the YFI clone YAM in just 48 hours after critical bugs were identified. Researchers at the blockchain security firm said they found 3 low risk, 2 medium risk, and five informational issues with the code.
Perhaps the single biggest issue that calls for SushiSwap users to take caution, is the failing to prevent the same liquidity provider token from being added more than once. This error risks disrupting reward variables; a vulnerability potentially allowing funds to be stolen from the platform should the owner’s private key become compromised; and an issue that could result in the protocols ‘massUpdatePools’ running out of gas.
Cinneamhain Ventures partner Adam Cochran revealed that the protocol’s developer fund is holding $27 million worth of unlocked SUSHI tokens that could be dumped or used to dump against LP tokens. After a back and forth on Twitter, where the anonymous founder of SUSHI explained the funds are reserved for devshare and have been specified since the beginning, Adam Cochran said he was exiting his position since SushiSwap refused to lock the funds. It was too much risk, with not enough upside.
In the end, it is still very early on in the project and there is a team behind with substantial standing in the DeFi space. Time will tell if SushiSwap is genuinely better than UniSwap – it should be noted they have hinted towards launching a token too in the near future, so just having a token will not differentiate SushiSwap for long.