In Sushiswap’s Trident contract, the Certora Prover found a violation of the invariant just before the code was deployed. This violation allowed an attacker to drain the funds in the pool. The bug was fixed before deployment, removing this attack vector. You can read more about the exploit here: https://medium.com/certora/exploiting-an-invariant-break-how-we-found-a-pool-draining-bug-in-sushiswaps-trident-585bd98a4d4f
Share