LeetSwap, a decentralized trading platform on the Base chain, was hacked on August 1, 2023, resulting in an attacker profiting approximately $624,000, according to SlowMist security team's intelligence.
Odaily Planet Daily News states that the SlowMist security team discovered an attack on the decentralized trading platform LeetSwap, which took place on August 1, 2023. The attacker managed to profit nearly $624,000 following a specific attack path.
The primary cause of the attack lies in the Pair contract, which allows the externally-callable _transferFeesSupportingTaxTokens function to transfer any given number of specified tokens in the contract to the fee-charging address. Initially, the attacker conducted a normal small-amount swap operation, acquiring tokens necessary for the following swap. The attacker then called the _transferFeesSupportingTaxTokens function to transfer almost all tokens from one party in the pair to the fee-charging address, disrupting the balance of liquidity in the Pair.
Finally, the sync function was called to rebalance the pool, followed by a reverse swap to obtain more ETH than anticipated.
