Decentralized exchange LeetSwap, which operates on Coinbase’s Base network has announced a sudden pause to trading, citing concerns of a potential exploit.
LeetSwap tweeted on Aug. 1 that it noticed some of its liquidity pools may have been compromised and temporarily stopped trading to investigate.
Algorithmic market maker Wintermute’s research head Igor Igamberdiev was among those sharing theories on how the exploit may have worked, saying the attacker could have used an exposed smart contract function.
Related: Pro-XRP lawyer Jeremy Hogan’s scam tweet bonanza finally falls silent
The function would have allowed them to undertake a series of token swaps eventually allowing them to drain liquidity pools on LeetSwap.
It was easy:
– swap a bit of WETH for X tokens (should have fees)
– call _transferFeesSupportingTaxTokens(address, uint256) to move token to a Fees contract
– call sync()
– swap X tokens for all WETH from the poolDon’t think that this function should be public
GG WP pic.twitter.com/a7vXvWf0HY
— Igor Igamberdiev (@FrankResearcher) August 1, 2023
Igamberdiev added the potential exploit has seemingly netted the attacker 342 Ether (ETH) worth over $630,000.
Asia Express: China expands CBDC’s tentacles, Malaysia is HK’s new crypto rival
This is a developing story, and further information will be added as it becomes available.