The exactInputV3Swap function of Transit Finance was attacked due to the lack of legal verification of the pool input.
Beosin's EagleEye security risk monitoring, warning and blocking platform has detected an attack on the Transit Finance project. Beosin's security team analyzed and found that the exactInputV3Swap function in Transit Finance's SwapRouter was attacked due to a lack of valid input verification for the pool, which allowed the attacker to control the actualAmountIn in the first exchange by passing a fake pool and WBNB/BUSD pool path in the 0x93ae5...6de1081 transaction. This caused the SwapRouter to use the fake actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, resulting in the theft of BUSD from the SwapRouter.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Biden Pushes Controversial Crypto Regulation in His Final Days as U.S. President
UK Redefines Crypto Staking Rules to Boost Blockchain Innovation
Weakening Demand Signals Uncertain Future for Bitcoin, Says Glassnode
Financial Advisors Show Increased Interest in Crypto Investments Following U.S. Election
The 2025 Bitwise/VettaFi Benchmark Survey reveals growing enthusiasm among financial advisors for crypto investments, with a notable rise in allocations and client interest.