1inch Network

Quick Summary

On March 6, 2025, 1inch’s Fusion v1 Settlement Contract suffered a $2.6 million exploit, losing approximately $1.2 million in USDC
and 638 ETH. The root cause was a re-entrancy vulnerability in the fillOrderInteraction() function, which allowed attackers to
repeatedly gain approvals for asset transfers.




Details of the Exploit

The exploited function, fillOrderInteraction(), blindly accepted user-supplied input (takingAmount) and returned that value as the
approved transfer amount. This function is part of the 1inch Aggregation Router (0x1111111254eeb25477b68fb85ed929f73a960582),
which called fillOrderTo(). Critically, both functions accepted arbitrary calldata, opening the door to a re-entrancy attack. This
re-entrancy flaw enabled multiple fraudulent approvals, allowing the attacker to withdraw funds far beyond legitimate order
amounts.




Block Data Reference

Exploit TX Example:

https://etherscan.io/tx/0xb5c94efa0c8fd8f5c8cc2826e374a99620b01061d395b59b8f45dddc9fce1c60