星球日报|1月 28, 2026 08:12
[BlockSec Releases Analysis of Major Vulnerabilities in Closed-Source Contracts: SwapNet and Aperture Finance Lose $17 Million Due to Insufficient Input Validation]
Odaily Planet Daily News: BlockSec has released an analysis of major vulnerabilities in closed-source contracts, detecting a series of suspicious transactions targeting victim contracts deployed by SwapNet and Aperture Finance on Ethereum, Arbitrum, Base, and BSC, with total losses exceeding $17 million. Fundamentally, the root cause of these two incidents is quite simple: the victim contracts had arbitrary call vulnerabilities due to insufficient input validation, which attackers exploited to abuse existing token authorizations and steal assets via transferFrom. Although the SwapNet and Aperture Finance incidents affected different protocols and blockchains, the core issue in both cases is not complex: user-controlled underlying calls and insufficient input validation in contracts holding token authorizations.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink