Decentralized exchange LeetSwap, which operates on Coinbase’s Base network, has announced a sudden pause to trading, citing concerns of a potential exploit.
LeetSwap tweeted on Aug. 1 that it noticed some of its liquidity pools may have been compromised and temporarily stopped trading to investigate.
Algorithmic market maker Wintermute’s research head Igor Igamberdiev was among those sharing theories on how the exploit may have worked, saying the attacker could have used an exposed smart contract function.
The function would have allowed them to undertake a series of token swaps, eventually draining liquidity pools on LeetSwap.
It was easy:
– swap a bit of WETH for X tokens (should have fees)
– call _transferFeesSupportingTaxTokens(address, uint256) to move token to a Fees contract
– call sync()
– swap X tokens for all WETH from the pool
Don’t think that this function should be public
— Igor Igamberdiev (@FrankResearcher) August 1, 2023
Igamberdiev added that the potential exploit has seemingly netted the attacker 342 Ether (ETH) worth over $630,000.
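The accounting flaw Igamberdiev describes can be reproduced in a toy constant-product pool, which shows why a fee-transfer function must not be externally callable when sync() trusts the pool's token balances. The Python model below is an added example, not LeetSwap's contract code; the pool sizes, the 0.3% fee and the `fee_fn_public` switch are assumptions made for illustration.

```python
# Toy constant-product pool (x*y=k). A simplified model, NOT LeetSwap's contract code.
class Pool:
    FEE_BPS = 30  # assumed 0.3% swap fee

    def __init__(self, weth, x, fee_fn_public):
        self.bal = {"WETH": weth, "X": x}   # tokens the pool actually holds
        self.res = dict(self.bal)           # cached reserves used for pricing
        self.fees_contract = {"WETH": 0, "X": 0}
        self.fee_fn_public = fee_fn_public  # True models the exposed function

    def swap(self, token_in, amount_in):
        token_out = "X" if token_in == "WETH" else "WETH"
        eff = amount_in * (10_000 - self.FEE_BPS)
        out = eff * self.res[token_out] // (self.res[token_in] * 10_000 + eff)
        self.bal[token_in] += amount_in
        self.bal[token_out] -= out
        self.sync()
        return out

    def transfer_fees(self, token, amount, caller):
        # Hardened variant: only the pool's own logic may move tokens to Fees.
        if not self.fee_fn_public and caller != "pool":
            raise PermissionError("fee transfer is internal-only")
        self.bal[token] -= amount
        self.fees_contract[token] += amount

    def sync(self):
        self.res = dict(self.bal)  # reserves follow balances, whatever moved them


def run_sequence(fee_fn_public):
    """Run the four steps from the tweet; return (caller's net WETH, WETH left in pool)."""
    pool = Pool(100 * 10**18, 1_000_000 * 10**18, fee_fn_public)  # constructed liquidity
    spent = 10**17                                   # 0.1 WETH in
    got_x = pool.swap("WETH", spent)
    try:
        pool.transfer_fees("X", pool.bal["X"] - 1, caller="external")
    except PermissionError:
        pass                                         # hardened pool rejects the call
    pool.sync()
    return pool.swap("X", got_x) - spent, pool.res["WETH"]


if __name__ == "__main__":
    for public in (True, False):
        print("public fee fn:", public, run_sequence(public))
```

With the function exposed, the X reserve collapses after sync() and the final swap empties the WETH side; with the access check in place, the same sequence only costs the caller swap fees.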
This is a developing story, and further information will be added as it becomes available.