- Amount Lost: $628,583.00
- Funds Returned: $0.00
- Category: Exchange (DEX)
- Date: 2023-8-1
Quick Summary
LeetSwap, an AMM-based DEX on Base chain, was exploited, resulting in a loss of 342.56 ETH worth 628,583 USD.
Details of the Exploit
On Aug 01, 2023, LeetSwap's AMM-based DEX running on Base chain was exploited. The attacker executed a sequence of malicious actions that allowed them to steal funds from the protocol. The steps involved:
1. Swapping a small amount of WETH for X tokens (a transaction that should have incurred fees).
2. Calling _transferFeesSupportingTaxTokens(address, uint256) to move the token to a Fees contract.
3. Calling sync().
4. Swapping X tokens for all the WETH from the pool.
As a result of these actions, approximately 342.56 ETH, equivalent to around 628,583 USD, were stolen.
Block Data Reference
Attacker Address:
https://basescan.org/address/0x705f736145bb9d4a4a186f4595907b60815085c3
Funds Holder Address as of August 1, 2023: https://basescan.org/address/0x5b030f90db67190373dbf3422436df4c62f60a60
Malicious Transaction: https://basescan.org/tx/0xbb837d417b76dd237b4418e1695a50941a69259a1c4dee561ea57d982b9f10ec
Malicious Contract Address: https://basescan.org/address/0xea8f89f47f3d4293897b4fe8cb69b5c233b9f560
Proof Links: