The exactInputV3Swap function of Transit Finance was attacked due to the lack of legal verification of the pool input.
Beosin's EagleEye security risk monitoring, warning and blocking platform has detected an attack on the Transit Finance project. Beosin's security team analyzed and found that the exactInputV3Swap function in Transit Finance's SwapRouter was attacked due to a lack of valid input verification for the pool, which allowed the attacker to control the actualAmountIn in the first exchange by passing a fake pool and WBNB/BUSD pool path in the 0x93ae5...6de1081 transaction. This caused the SwapRouter to use the fake actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, resulting in the theft of BUSD from the SwapRouter.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Crypto Analyst: Stablecoin Circulation Key Metric for Blockchain Legitimacy
Ethena stablecoin USDe redemption hits record high of $268 million in one day
Cryptocurrency markets surge after Trump announces potential strategic crypto reserve
Ukraine Weighs 5% to 10% Crypto Tax in New Regulation Plan
Trending news
MoreCrypto prices
More
