The exactInputV3Swap function of Transit Finance was attacked due to the lack of legal verification of the pool input.
Beosin's EagleEye security risk monitoring, warning and blocking platform has detected an attack on the Transit Finance project. Beosin's security team analyzed and found that the exactInputV3Swap function in Transit Finance's SwapRouter was attacked due to a lack of valid input verification for the pool, which allowed the attacker to control the actualAmountIn in the first exchange by passing a fake pool and WBNB/BUSD pool path in the 0x93ae5...6de1081 transaction. This caused the SwapRouter to use the fake actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, resulting in the theft of BUSD from the SwapRouter.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Grayscale Submits S-1 for Spot Solana ETF with SEC
Lens Protocol Launches Lens Chain Mainnet with Avail and ZKsync
ByteDance and U.S. Discuss TikTok Deal Amid Tensions
Bitcoin sentiment falls to 2023 low, but ‘risk on’ environment may emerge to spark BTC price rally
Trending news
MoreCrypto prices
More
