Transit Finance Project Attacked Due to Lack of Input Validation in SwapRouter Function
Binance News
2023-12-20 07:15
According to Foresight News, the Transit Finance project has been attacked. Beosin's security team attributes the attack to the exactInputV3Swap function in Transit Finance's SwapRouter, which does not validate the pools supplied as input. In transaction 0x93ae5...6de1081, the attacker supplied a path made up of a fake pool and the WBNB/BUSD pool, which let them control actualAmountIn during the first exchange. SwapRouter then used the fake actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, allowing the attacker to steal BUSD from the SwapRouter.
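
The flaw described above, as a minimal Python model added here for illustration (not Transit Finance's contract code and not part of Beosin's analysis): a multi-hop router that trusts the amount reported by each pool in the path, next to the same router rejecting any pool that is not registered. The class names, the `registered_pools` allowlist, the single abstract balance unit and all amounts are constructed assumptions.

```python
# Simplified model (constructed); not Transit Finance's contract code.
# All balances use one abstract unit for brevity.

class Pool:
    """Honest pool: delivers exactly what it reports."""
    def __init__(self, rate):
        self.rate = rate

    def swap(self, amount_in):
        out = amount_in * self.rate
        return out, out                      # (reported_out, delivered_out)

class FakePool:
    """Caller-supplied contract: delivers nothing, reports any figure it likes."""
    def __init__(self, claimed_out):
        self.claimed_out = claimed_out

    def swap(self, amount_in):
        return self.claimed_out, 0

class Router:
    def __init__(self, held, registered_pools, validate_pools):
        self.held = held                          # funds sitting in the router
        self.registered = set(registered_pools)   # hypothetical allowlist
        self.validate_pools = validate_pools

    def exact_input(self, path, amount_in):
        """Route amount_in through every pool in path; return the payout."""
        if self.validate_pools and any(p not in self.registered for p in path):
            raise ValueError("path contains an unregistered pool")
        self.held += amount_in                    # pulled from the caller
        amount, delivered = amount_in, 0
        for i, pool in enumerate(path):
            self.held -= amount                   # router funds this hop
            reported, delivered = pool.swap(amount)
            if i < len(path) - 1:
                self.held += delivered            # intermediate output returns
            amount = reported                     # pool-reported value is trusted
        return delivered

def run(validate_pools, fake_first_hop):
    """Return (payout or None if rejected, router balance afterwards)."""
    real = Pool(rate=1)
    first = FakePool(claimed_out=1000) if fake_first_hop else Pool(rate=2)
    registered = [real] if fake_first_hop else [real, first]
    router = Router(1000, registered, validate_pools)
    try:
        payout = router.exact_input([first, real], amount_in=1)
    except ValueError:
        payout = None
    return payout, router.held
```

With validation off, the fake first hop turns a deposit of 1 into a payout of 1000 funded from the router's own balance; with validation on, the call is rejected before any funds move and honest paths are unaffected.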
