Security team: Multichain’s Anyswap V4 Router contract suffered a preemptive attack, and the attacker made about $130000

According to Beosin EagleEye, the security risk monitoring, warning and blocking platform of the blockchain security audit company Beosin, on February 15, 2023, an attacker used the MEV contract (0xd050) to preemptively call the anySwapOutUnderlyingWithPermit function of the AnyswapV4Router contract for a signature-authorized transfer, ahead of the normal transaction (the user had authorized the WETH but had not yet made the transfer).

Although the function relies on the token's permit signature verification, the stolen WETH has no such signature verification function, so the call only triggers the deposit function in the fallback. In the subsequent function calls, the attacker can directly use the safeTransferFrom function to transfer the WETH at the _underlying address, which had been authorized to the attacked contract, into the attack contract.

The attacker made a profit of about 87 Ethereum, about $130000. Beosin Trace found that about 70 Ethereum of the stolen funds had entered the address 0x690b, and about 17 Ethereum remained in the MEVBOT contract.

Interpretation of this information:

On February 15, 2023, an attacker used the MEV contract to preemptively call a function in the AnyswapV4Router contract, allowing them to steal 87 Ethereum (valued at $130,000). The victim had authorized the WETH but had not yet made the transfer, which left them vulnerable to the attack. Although the function has signature verification, the stolen WETH lacked the relevant verification function and only triggered the deposit function. The attacker was able to transfer the stolen funds to their own account. Beosin Trace tracked 70 Ethereum to the address 0x690b, while 17 Ethereum remained in the MEVBOT contract.
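The failure mode described above, as an added Python model that is not the AnyswapV4Router source or Beosin's code: a router trusts `permit()` as proof of the owner's consent, but a token without `permit()` answers from its fallback and nothing is verified. All names (`PermitToken`, `FallbackToken`, `swap_out_with_permit`, `demo`) and the nonce check are assumptions made for illustration; the nonce check is one possible guard, not Multichain's fix.

```python
# Constructed model; every class, function and value here is hypothetical.
class PermitToken:
    """Token whose permit() really verifies a signature and advances a nonce."""
    def __init__(self):
        self.balances, self.allowances, self._nonces = {}, {}, {}
    def nonces(self, owner):
        return self._nonces.get(owner, 0)
    def permit(self, owner, spender, amount, sig):
        # Stand-in for signature recovery: sig must bind owner, spender, amount, nonce.
        if sig != ("signed", owner, spender, amount, self.nonces(owner)):
            raise ValueError("invalid permit signature")
        self._nonces[owner] = self.nonces(owner) + 1
        self.allowances[(owner, spender)] = amount
    def transfer_from(self, spender, owner, to, amount):
        if self.allowances.get((owner, spender), 0) < amount:
            raise ValueError("insufficient allowance")
        if self.balances.get(owner, 0) < amount:
            raise ValueError("insufficient balance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class FallbackToken(PermitToken):
    """WETH-like model: no permit(); the call lands in a fallback that returns normally."""
    def permit(self, *args):
        return None   # fallback ran (a zero-value deposit); nothing was verified
    def nonces(self, owner):
        return None   # no such function either, so no usable return value

ROUTER = "router"

def swap_out_with_permit(token, owner, amount, sig, to, hardened):
    """`owner` is caller-supplied, so permit() is the router's only proof of consent."""
    before = token.nonces(owner)
    token.permit(owner, ROUTER, amount, sig)
    if hardened:
        # Require evidence that permit() executed: the owner's nonce must advance by one.
        if not isinstance(before, int) or token.nonces(owner) != before + 1:
            raise ValueError("token did not execute permit(); refusing transfer")
    token.transfer_from(ROUTER, owner, to, amount)
    return token.balances[to]

def demo(token_cls, sig, hardened):
    token = token_cls()
    token.balances["user"] = 10
    token.allowances[("user", ROUTER)] = 10   # user approved the router earlier
    return swap_out_with_permit(token, "user", 10, sig, "caller", hardened)
```

With `hardened=False`, the fallback token lets any caller spend the user's earlier approval with a meaningless signature; with `hardened=True` the same call is rejected, while a token with a real `permit()` and a valid signature still goes through.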

This article and its pictures are from the Internet and do not represent 96Coin's position. In case of infringement, please contact us for removal: https://www.96coin.com/46412.html