$219,000 Stolen in Base Network Attack via Vulnerable Smart Contract

CertiK Alert warns of a Base chain exploit using an unverified contract’s insecure swap callback, resulting in a 55 WETH theft and urging revocation of prior user authorizations.

Summary

CertiK Alert reported on Oct. 30 that an unverified contract on the Base blockchain was exploited, causing a loss of approximately 55 WETH (~$220,000) from a user who had previously authorized the contract. The vulnerability lies in the contract’s uniswapV3SwapCallback() function, which lacks proper access control, enabling unauthorized fund transfers. Users who authorized the contract are advised to revoke those authorizations to mitigate the risk of further losses.

Terms & Concepts
  • Access Control: A mechanism in smart contracts restricting operations to authorized entities; improper implementation can allow unauthorized actions.
  • WETH: Wrapped Ether, an ERC-20 token representing Ether, used in decentralized applications for compatibility with smart contract standards.
  • uniswapV3SwapCallback(): A callback function in Uniswap V3 used during token swaps; if insecure, it can be exploited to move funds without proper authorization.
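
An added example, not code from CertiK or from the exploited contract (which is unverified): a hypothetical `GuardedSwapper` in Solidity showing the access control a `uniswapV3SwapCallback()` needs before it pulls tokens a user has approved. The contract name, the `CallbackData` struct, `swapExactIn` and the constructor-supplied factory address are assumptions; the interfaces follow Uniswap V3's public `getPool` and `swap` signatures.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address);
}
interface IUniswapV3Pool {
    function swap(address recipient, bool zeroForOne, int256 amountSpecified,
        uint160 sqrtPriceLimitX96, bytes calldata data) external returns (int256, int256);
}

// Hypothetical contract for illustration; not the contract from the alert.
contract GuardedSwapper {
    struct CallbackData { address tokenIn; address tokenOut; uint24 fee; address payer; }
    IUniswapV3Factory public immutable factory; // assumption: trusted factory set at deploy

    constructor(address factory_) { factory = IUniswapV3Factory(factory_); }

    // Exact-input swap: the payer is always msg.sender, never a caller-chosen address.
    function swapExactIn(address tokenIn, address tokenOut, uint24 fee, uint256 amountIn,
        uint256 minOut, uint160 sqrtPriceLimitX96) external returns (uint256 amountOut) {
        require(amountIn > 0 && amountIn <= uint256(type(int256).max), "bad amount");
        address pool = factory.getPool(tokenIn, tokenOut, fee);
        require(pool != address(0), "no pool");
        bool zeroForOne = tokenIn < tokenOut;
        bytes memory data = abi.encode(CallbackData(tokenIn, tokenOut, fee, msg.sender));
        (int256 a0, int256 a1) = IUniswapV3Pool(pool).swap(
            msg.sender, zeroForOne, int256(amountIn), sqrtPriceLimitX96, data);
        amountOut = uint256(-(zeroForOne ? a1 : a0)); // output delta is negative
        require(amountOut >= minOut, "slippage");
    }

    function uniswapV3SwapCallback(int256 amount0Delta, int256 amount1Delta,
        bytes calldata data) external {
        CallbackData memory cb = abi.decode(data, (CallbackData));
        // Access control: only the factory's pool for this pair and fee may call.
        // Without this check, `data` and `payer` would be caller-controlled.
        address pool = factory.getPool(cb.tokenIn, cb.tokenOut, cb.fee);
        require(pool != address(0) && msg.sender == pool, "caller is not the pool");
        int256 owed = amount0Delta > 0 ? amount0Delta : amount1Delta;
        require(owed > 0, "nothing owed");
        require(IERC20(cb.tokenIn).transferFrom(cb.payer, msg.sender, uint256(owed)), "pull failed");
    }
}
```

The guard only protects contracts deployed with it; for a contract already deployed without it, token holders remove the exposure by calling the token's `approve(spender, 0)` for that contract.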