A detailed analysis of a security exploit that drained ~20,000 USDC from a user through a year-old vulnerability in ParaSwap's AugustusV6 router. The attacker created a fake Uniswap V3 pool and exploited insufficient callback verification in the router contract, which allowed unauthorized transfer of tokens from addresses that had granted allowances. The attack demonstrates the critical importance of carefully managing token approvals and the risks of trusting swap routers with unlimited allowances.

3m read time · From coinsbench.com
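
The callback check the summary refers to, sketched as an added example; it is not ParaSwap's code or its fix. The contract name, the callback payload layout and the constructor parameters are assumptions. The pool address derivation follows Uniswap V3's CREATE2 scheme.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Added illustration, not ParaSwap's code. Names and payload layout are assumptions.
contract CallbackCheckedRouter {
    address public immutable factory;      // trusted Uniswap V3 factory (deployment parameter)
    bytes32 public immutable poolInitHash; // init code hash of that factory's pool contract

    constructor(address factory_, bytes32 poolInitHash_) {
        factory = factory_;
        poolInitHash = poolInitHash_;
    }

    // CREATE2 address the factory assigns to the pool for this pair and fee tier.
    function expectedPool(address tokenA, address tokenB, uint24 fee) public view returns (address) {
        if (tokenA > tokenB) (tokenA, tokenB) = (tokenB, tokenA); // pools key on sorted tokens
        bytes32 salt = keccak256(abi.encode(tokenA, tokenB, fee));
        bytes32 h = keccak256(abi.encodePacked(bytes1(0xff), factory, salt, poolInitHash));
        return address(uint160(uint256(h)));
    }

    // Called by the pool during swap() to collect the input token.
    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta, bytes calldata data) external {
        require(amount0Delta > 0 || amount1Delta > 0, "nothing owed");
        (address tokenIn, address tokenOut, uint24 fee, address payer) =
            abi.decode(data, (address, address, uint24, address));

        // Caller must be the pool the trusted factory deployed for this pair and fee.
        // A contract that merely implements the pool interface does not sit at this address.
        require(msg.sender == expectedPool(tokenIn, tokenOut, fee), "caller is not a factory pool");

        // Exact-input swaps only: the positive delta must be on the tokenIn side.
        bool owedIsToken0 = amount0Delta > 0;
        require(owedIsToken0 == (tokenIn < tokenOut), "owed token is not tokenIn");
        uint256 amountOwed = uint256(owedIsToken0 ? amount0Delta : amount1Delta);

        // Only after the caller is authenticated is the payer's allowance spent.
        require(IERC20(tokenIn).transferFrom(payer, msg.sender, amountOwed), "transfer failed");
    }
}
```

Tokens that return no value from `transferFrom` need a safe-transfer wrapper in place of the bare `require`.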