Developers of other platforms like Goose Finance are warning about rugpull code is present in SushiSwap and its forks like PancakeSwap and others. This could allow a group of malicious/hacked developers to steal the funds of all users. This extremely dangerous code is used to update the vaults without user intervention. Of course many top platforms are not using it. The alternative to update vaults is very simple, when a new version of the vault is released (i.e. V2), users with funds in a V1 vault must migrate their funds to the V2 vault which is simple, secure and fast.
I am not a Solidity developer but it looks the code is in Masterchef contract, just search for “function migrate”. SushiSwap: MasterChef LP Staking Pool | 0xc2EdaD668740f1aA35E4D8f227fB8E17dcA888Cd
Platforms that require manual migration have a button to show/hide old vaults, so the UI is clean it shows by default current vaults. As an example, check Beefy Finance UI:
They have a checkbox for “Retired Vaults” disabled by default.
Most users don’t know about this danger so this should be fixed as soon as possible as they can’t do an informed decision about it. If developers don’t agree with this, then I would like to formally propose a voting about this.