Beosin EagleEye: Analysis of the Attack Incident on Transit Finance

2023-12-20 15:14:09

According to ChainCatcher, Beosin's EagleEye security risk monitoring, early warning, and blocking platform detected an attack on the Transit Finance project. The Beosin security team's analysis found that the exactInputV3Swap function in Transit Finance's SwapRouter did not properly validate the legitimacy of the pools passed to it, which made the attack possible. Taking transaction 0x93ae5…6de1081 as an example, the attacker passed in a path containing a forged pool and the WBNB/BUSD pool, which let them control actualAmountIn during the first exchange. The SwapRouter then used the forged actualAmountIn as the initial value for the exchange in the WBNB/BUSD pool, resulting in the theft of BUSD from the SwapRouter.
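The missing check described above, as a simplified Python model added here (not Transit Finance's contract code). The token names MID and OUT, the balances and reserves, and the registry lookup standing in for pool validation are all assumptions made for illustration.

```python
from collections import Counter

class Pool:
    """Honest constant-product pool; delivers what it reports (constructed reserves)."""
    def __init__(self, token_out, reserve_in, reserve_out):
        self.token_out, self.reserve_in, self.reserve_out = token_out, reserve_in, reserve_out

    def swap(self, amount_in, recipient):
        out = amount_in * self.reserve_out // (self.reserve_in + amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        recipient[self.token_out] += out
        return out

class ForgedPool:
    """Caller-supplied contract with the same interface: reports any amount, delivers nothing."""
    def __init__(self, reported_out):
        self.reported_out = reported_out

    def swap(self, amount_in, recipient):
        return self.reported_out

class Router:
    def __init__(self, balances, registered):
        self.balances = Counter(balances)  # tokens the router itself holds
        self.registered = registered       # stand-in for a trusted factory lookup

    def exact_input(self, pools, mid_token, amount_in, caller, validate_pools):
        # Hardened path: every pool in the caller's path must be a known pool.
        if validate_pools and not all(p in self.registered for p in pools):
            raise ValueError("unregistered pool in path")
        first, second = pools
        # Hop 1: the router takes the pool's word for the amount it produced.
        actual_amount_in = first.swap(amount_in, self.balances)
        if actual_amount_in > self.balances[mid_token]:
            raise ValueError("insufficient router balance")
        # Hop 2: that amount is paid from the router's balance into the real pool.
        self.balances[mid_token] -= actual_amount_in
        return second.swap(actual_amount_in, caller)

def run(validate_pools):
    real = Pool("OUT", 1_000_000, 1_000_000)
    router = Router({"MID": 50_000}, [real])
    caller = Counter()
    try:
        router.exact_input([ForgedPool(50_000), real], "MID", 1, caller, validate_pools)
    except ValueError:
        pass  # hardened router rejects the path before any swap runs
    return router.balances["MID"], caller["OUT"]
```

`run(False)` leaves the router's own balance at zero with the caller credited from the real pool, while `run(True)` rejects the path and leaves every balance untouched.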
