Decoding Rubic Exchange Exploit | QuillAudits


Introduction to Protocol and How its tech works.:

Check out the official docs for more info on the protocol.

Vulnerability Analysis & Impact:

On-Chain Details:

Setting USDC as Router Txn: 0x30679e7b6b410fb78368f5fb6e4c203e44d81c66ae9014c797e40856be1bbe66

Attacker transfer Txns:

The attack:

See here: 0x30679e7b6b410fb78368f5fb6e4c203e44d81c66ae9014c797e40856be1bbe66

The attack started with the attacker funding his wallet with 0.19 ETH from the SWFT swap.

Then, the attacker took advantage of the flaw in the contract and started transferring USDC tokens from users(who approved their tokens to the router contract) to his contract via the transferFrom interface.

The attacker then swapped USDC tokens for ETH and sent the tokens to his wallet.

There were 2 such transactions made by hackers and around 1.45 Million were stolen by him. The hacker then transferred the stolen funds through the Tornado Cash.

After the Exploit :

Status of Funds:

And currently, the attacker has 0.049 ETH i.e. $60 in his wallet.


Web3 security- Need of the hour

Want more Such Security Blogs & Reports?

Partner with QuillAudits :



Smart Contract Auditing Experts , Making web3 a safer place .

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store