The exactInputV3Swap function of Transit Finance was attacked due to the lack of legal verification of the pool input.
Beosin's EagleEye security risk monitoring, warning and blocking platform has detected an attack on the Transit Finance project. Beosin's security team analyzed and found that the exactInputV3Swap function in Transit Finance's SwapRouter was attacked due to a lack of valid input verification for the pool, which allowed the attacker to control the actualAmountIn in the first exchange by passing a fake pool and WBNB/BUSD pool path in the 0x93ae5...6de1081 transaction. This caused the SwapRouter to use the fake actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, resulting in the theft of BUSD from the SwapRouter.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Pump Science apologizes after GitHub key leak leads to fraudulent tokens
Share link:In this post: The DeSci platform Pump Science has warned its users not to trust any tokens launched using its Pump.fun profile. Pump Science said it would never launch its tokens on Pump.fun. While Pump Science holds BuilderZ partially responsible for the security breach, it does not think BuilderZ was the attacker.
Bitget Spot Bot adds MAJOR/USDT
We are pleased to announce that Bitget spot bot has now added: MAJOR/USDT. Reference 1. Spot grid 2. Crash course on Spot Grid Disclaimer Despite high growth potential, cryptocurrencies still face high risks and volatility. You are strongly advised to do your own research as you invest at your own
Craig Wright Ordered to Return to UK for Contempt of Court
Non-USD stablecoins may boost global e-commerce adoption
Trending news
MoreCrypto prices
More
