BlockSec Releases Major Vulnerability Analysis of Closed-Source Contracts: SwapNet and Aperture Finance Suffer $17 Million Loss Due to Insufficient Input Validation
Odaily News: BlockSec has released a major vulnerability analysis of closed-source contracts. It detected a series of suspicious transactions targeting victim contracts deployed by SwapNet and Aperture Finance on Ethereum, Arbitrum, Base, and BSC, with total losses exceeding $17 million. Fundamentally, the root causes of both incidents are quite simple: the victim contracts contained arbitrary call vulnerabilities due to insufficient input validation, which attackers could exploit to abuse existing token approvals and steal assets via transferFrom.
Although the SwapNet and Aperture Finance incidents affected different protocols and blockchains, their underlying issues are not complex: user-controlled low-level calls and insufficient input validation within contracts holding token approvals.
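The missing validation can be modelled off-chain. The sketch below is an added example, not code from BlockSec, SwapNet or Aperture Finance; the addresses, the allowlist and the function names are constructed assumptions. It shows the checks a contract holding token approvals would apply to a user-supplied (target, calldata) pair before forwarding it.

```python
# Added illustration (not BlockSec's or either protocol's code): input checks
# for a user-supplied low-level call made by a contract that holds approvals.
TRANSFER_FROM = bytes.fromhex("23b872dd")  # transferFrom(address,address,uint256)
APPROVE = bytes.fromhex("095ea7b3")        # approve(address,uint256)

# Constructed sample addresses; ALLOWED_TARGETS is a hypothetical allowlist.
USER = "0x" + "aa" * 20
OTHER = "0x" + "bb" * 20
TOKEN = "0x" + "cc" * 20
VENUE = "0x" + "dd" * 20
ALLOWED_TARGETS = {VENUE}


def _addr(word):
    """Read an ABI-encoded address from a 32-byte word."""
    return "0x" + word[12:].hex()


def encode_transfer_from(owner, to, amount):
    """Build transferFrom calldata for the sample inputs."""
    pad = lambda a: bytes(12) + bytes.fromhex(a[2:])
    return TRANSFER_FROM + pad(owner) + pad(to) + amount.to_bytes(32, "big")


def validate_call(sender, target, calldata, allowed_targets=ALLOWED_TARGETS):
    """Return reasons to reject the call; an empty list means forward it."""
    reasons = []
    # Primary control: only forward calls to known swap venues, never to
    # arbitrary addresses such as token contracts.
    if target.lower() not in allowed_targets:
        reasons.append("target is not an allowlisted venue")
    selector = calldata[:4]
    if selector == APPROVE:
        reasons.append("calldata would call approve() as the contract")
    if selector == TRANSFER_FROM:
        if len(calldata) < 4 + 96:
            reasons.append("truncated transferFrom calldata")
        elif _addr(calldata[4:36]) != sender.lower():
            # The contract's allowance from `owner` must only be spent
            # on behalf of `owner` itself.
            reasons.append("transferFrom owner differs from the caller")
    return reasons
```

The target allowlist is the control that matters; the selector checks are defence in depth and do not cover every token function.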
